cdr:vms:web-server

Differences

This shows you the differences between two versions of the page.

cdr:vms:web-server [2017/05/06 04:29]
jamesdro [Access Control]
cdr:vms:web-server [2018/03/12 06:54] (current)
jamesdro Updating firewall rules
Line 16: Line 16:
  
 <file conf /​etc/​iptables/​rules.v4>​ <file conf /​etc/​iptables/​rules.v4>​
-# Generated by iptables-save v1.4.21 on Fri Mar 24 01:42:12 2017+# Generated by iptables-save v1.4.21 on Mon Feb 19 17:37:45 2018
 *filter *filter
-:INPUT DROP [1:36]+:INPUT DROP [15:1067]
 :FORWARD ACCEPT [0:0] :FORWARD ACCEPT [0:0]
-:OUTPUT DROP [1:84]+:OUTPUT DROP [0:0] 
 +:​fail2ban-ssh - [0:0] 
 +-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
 -A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
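Review bot: the added `:fail2ban-ssh - [0:0]` declaration and the `-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh` jump look like runtime state that iptables-save captured (the header shows this file is an iptables-save dump) rather than rules meant to be persisted. If fail2ban inserts its chain and jump again when it starts, restoring this file at boot leaves a duplicate jump in INPUT, so either keep fail2ban's rules out of the persisted file or confirm the service tolerates a pre-existing chain. Separately, `:FORWARD ACCEPT [0:0]` stays permissive while INPUT and OUTPUT default to DROP; if this VM does not route traffic, a DROP policy on FORWARD would match the rest of the ruleset.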
Line 28: Line 30:
 -A INPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT -A INPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT
 -A OUTPUT -o lo -j ACCEPT -A OUTPUT -o lo -j ACCEPT
--A OUTPUT ​-p tcp -m tcp -d 128.205.32.55 --dport 25 -j ACCEPT+-A OUTPUT -d 128.205.32.55/32 -p tcp -m tcp --dport 25 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
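Review bot: the two `--dport 53` rules kept as context here accept DNS to any destination, while the SMTP rule just above them is pinned to a single host with `-d`; adding `-d` for the resolvers this VM actually uses would narrow that egress path. The rewritten port 25 line matches the same packets as before (argument order and an explicit /32 only), so there is no behaviour change to review on that line.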
Line 34: Line 36:
 -A OUTPUT -p udp -m udp --dport 123 -j ACCEPT -A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
 +-A OUTPUT -d 192.168.0.50/​32 -j ACCEPT
 -A OUTPUT -d 128.205.44.172/​32 -p udp -m udp --dport 1514 -j ACCEPT -A OUTPUT -d 128.205.44.172/​32 -p udp -m udp --dport 1514 -j ACCEPT
 +-A OUTPUT -d 128.205.44.172/​32 -p tcp -m tcp --dport 80 -j ACCEPT
 -A OUTPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,​ESTABLISHED -j ACCEPT
 +-A OUTPUT -d 192.168.15.200/​32 -p tcp -m tcp --dport 8080 -j ACCEPT
 +-A OUTPUT -d 192.168.13.138/​32 -p tcp -m tcp --dport 22 -j ACCEPT
 +-A fail2ban-ssh -j RETURN
 COMMIT COMMIT
-# Completed on Fri Mar 24 01:42:12 2017+# Completed on Mon Feb 19 17:37:45 2018
 </​file>​ </​file>​
  
 ===== Notes ===== ===== Notes =====
 [fail2ban](https://​www.fail2ban.org/​wiki/​index.php/​Main_Page) is installed, protecting against SSH bruteforce attacks. ​ Don't mess up a login multiple times, as your IP will be banned. [fail2ban](https://​www.fail2ban.org/​wiki/​index.php/​Main_Page) is installed, protecting against SSH bruteforce attacks. ​ Don't mess up a login multiple times, as your IP will be banned.
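Review bot: `-A OUTPUT -d 192.168.0.50/32 -j ACCEPT` is the only added rule with no protocol or port match, so it opens all outbound traffic to that host under an otherwise port-scoped OUTPUT DROP policy; restrict it to the protocol and port actually needed, as the other additions do. None of the new destinations (192.168.0.50, 192.168.15.200 on 8080, 192.168.13.138 on 22, 128.205.44.172 on 80) is explained in the file or in the edit summary "Updating firewall rules", so a `-m comment --comment` on each rule, or a line in the Notes section, saying what each host is would help the next reviewer. The 8080 and 22 rules also sit after the RELATED,ESTABLISHED accept, which works but breaks the grouping used in the rest of the OUTPUT chain.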
  • cdr/vms/web-server.1494044992.txt.gz
  • Last modified: 2017/05/06 04:29
  • by jamesdro