Monday, November 24, 2008

Creating Default Firewall on Linux using IPTables

A firewall is essential on every server: it is the first thing standing between the box and anyone trying to break into it. One way to put a default rule set in place with iptables is system-config-securitylevel-tui, a text-mode (ncurses) UI that lets you pick which ports to open. Use it only to create the baseline; anything beyond that should be done with the iptables command line.

Once you have defined your open ports and rules in the UI, there is one more thing to check. The rule set the tool generates is not necessarily as tight as it looks. Issue this command:

/sbin/iptables -L

Look at the first two lines of the RH-Firewall-1-INPUT chain. You may see what looks like a duplicate entry:

ACCEPT all -- anywhere anywhere ; this is the loopback rule, needed by the server's own services
ACCEPT all -- anywhere anywhere ; this is the hole

Note that plain `iptables -L` does not print the interface column, so a rule bound to `lo` and a rule with no interface restriction at all print identically. The first line is normally `-i lo -j ACCEPT`; the second is the one to worry about.

An ACCEPT rule that matches all protocols from anywhere to anywhere on any interface is a hole: it accepts everything (ssh included) before any of the later, more specific rules get a chance to run. To close it, we delete the second entry. Before doing so, confirm which line is which with `/sbin/iptables -L RH-Firewall-1-INPUT -v -n --line-numbers` (the `in` column shows `lo` for the loopback rule) or with `/sbin/iptables-save`, which prints the rules as they were actually written.

To delete it, first identify the line number of the offending rule by issuing:

/sbin/iptables -L RH-Firewall-1-INPUT --line-numbers

Take note of the line number.

Then delete it. Say the offending rule is on line 2; we issue the command:

/sbin/iptables -D RH-Firewall-1-INPUT 2

Then save the firewall so the change survives a restart of the iptables service:

/sbin/service iptables save
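The whole procedure, as an added example that is not part of the original post: a small bash script that reads the verbose listing of the chain, picks out ACCEPT rules that match everything (any protocol, any interface, any source and destination, no state or port match) and deletes them by line number, highest first so the remaining numbers do not shift. The listing it works on here is a constructed sample of `iptables -L RH-Firewall-1-INPUT -v -n --line-numbers` output; the live path only runs when `LIVE=1` is set and you are root. The function names are my own.

```shell
#!/bin/bash
# Added example, not from the original post. Finds unconditional ACCEPT
# rules in RH-Firewall-1-INPUT and deletes them by line number.
#
# Plain "iptables -L" hides the "in" column, so "-i lo -j ACCEPT" and a
# bare "-j ACCEPT" print identically. Always inspect with -v -n first.

CHAIN="RH-Firewall-1-INPUT"

# Read "iptables -L $CHAIN -v -n --line-numbers" output on stdin and print
# the line numbers of ACCEPT rules that match everything, one per line.
# Columns: num pkts bytes target prot opt in out source destination [matches]
# NF == 10 means there is no trailing match (no "state ...", no "dpt:...").
find_unconditional_accepts() {
    awk '$1 ~ /^[0-9]+$/ && $4 == "ACCEPT" && $5 == "all" &&
         $7 == "*" && $9 == "0.0.0.0/0" && $10 == "0.0.0.0/0" &&
         NF == 10 { print $1 }'
}

# Delete the given rule numbers from a chain, highest number first so the
# lower numbers stay valid, then persist the result. Needs root.
delete_rules() {
    local chain="$1"; shift
    local n
    for n in $(printf '%s\n' "$@" | sort -rn); do
        echo "deleting $chain rule $n"
        /sbin/iptables -D "$chain" "$n"
    done
    /sbin/service iptables save
}

# Constructed sample of "iptables -L RH-Firewall-1-INPUT -v -n --line-numbers"
# for a system-config-securitylevel-tui style rule set with one extra,
# unrestricted ACCEPT (rule 2). Rule 1 is loopback and must stay; rule 7 is
# the RELATED,ESTABLISHED rule and must stay.
SAMPLE='Chain RH-Firewall-1-INPUT (2 references)
num   pkts bytes target     prot opt in     out     source               destination
1      120  9000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
3       10   600 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255
4        0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0
5        0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
6        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353
7      500 40000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
8        3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
9       50  3000 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Candidate rule numbers for the sample, space separated on one line.
sample_candidates() {
    printf '%s\n' "$SAMPLE" | find_unconditional_accepts | tr '\n' ' ' | sed 's/ $//'
}

echo "Unrestricted ACCEPT rule(s) in sample chain: $(sample_candidates)"

# Live run, only as root and only when explicitly requested. Review the
# numbers it prints before letting it delete anything on a production box.
if [ "${LIVE:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
    nums=$(/sbin/iptables -L "$CHAIN" -v -n --line-numbers | find_unconditional_accepts)
    if [ -n "$nums" ]; then
        delete_rules "$CHAIN" $nums
    fi
fi
```

On the sample the script reports rule 2 only: rule 1 is skipped because its `in` column is `lo`, and rule 7 because it carries a `state` match. Deleting highest-numbered first matters whenever more than one rule is removed, since `iptables -D chain N` renumbers everything after N.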

Now your box has a sane default rule set.

Hope you find it useful. Thanks, Cheers and God Bless!!!!!
