For a CentOS web server that is not behind a firewall, I set up some Input chain iptables rules to open only port 80 from the internet, allow SSH only from my IPs, and so on. On this server there is only Apache serving HTTP requests (port 80).
But what about the Output chain? Is it good practice to allow only the same ports that are allowed by the Input chain?
Since Forward is not used, can I set the default policy to DROP?