Friday, October 31, 2014

web server - Iptables output and forward rules for webserver

For a CentOS web server that is not behind a firewall, I set up some Input chain iptables rules to open only port 80 from the internet, allow SSH only from my IPs, and so on. On this server there is only Apache serving HTTP requests (port 80).

But what about the Output chain? Is it good practice to allow only the same ports that are allowed by the Input chain?
Since Forward is not used, can I set the default policy to DROP?
