opHASnoNAME

Asked: 2016-02-23 07:03:02 +0800 CST2016-02-23 07:03:02 +0800 CST 2016-02-23 07:03:02 +0800 CST

IP Tables, does it really need those rules?

I am just starting with IPTables, and I am wondering if I really have to create so many rules for a simple setup:

DMZ (Reverse Proxy) port 80 + 443
Frontend Subnet: Apache Webserver

The Reverse Proxy should be available on Port 80
Reverse Proxy outbound to the Internet on Port 443 (download updates)
Apache reachable from DMZ on Port 80
Apache Outbound to Internet on Port 443 (download updates)

In theory, I would create those rules now:

Reverse Proxy

Accept INPUT from "www" to Port 80 - Established, New
Accept OUTPUT to "www" with Port 80 - Established
Accept OUTPUT to "www" with Port 443 - Established, New
Accept INPUT on Port 443 - Established
Accept OUTPUT to Frontend with Port 80 - Established, New
Accept INPUT from Frontend on Port 80 - Established

Apache

Accept INPUT from DMZ to Port 80 - Established, New
Accept OUTPUT to DMZ with Port 80 - Established
Accept OUTPUT to "www" with Port 443 - Established, New
Accept iNPUT from "www" with Port 443 - Established

Question: Is this correct, or is this to complicated and I miss some more easy going way.

IP Tables, does it really need those rules?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

IP Tables, does it really need those rules?

0 Answers