Ping a Specific Port

Question

LinuxSecurityFreak

Asked: 2016-04-11 11:10:13 +0800 CST2016-04-11 11:10:13 +0800 CST 2016-04-11 11:10:13 +0800 CST

Firewall rules on a hosting (dedicated server)

772

I am on Linux Debian Jessie 8.4.

I have set up a web server. It seems to run fine.

I'm just wondering, if I need the following firewall rules are ok for HTTP(S) server to be running fine.

iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 10100 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

The server is behind a router. Port 22 is not forwarded. 10100 is used for passive FTP

Thank you.

1 Answers

Voted

HBruijn · Answer 1 · 2016-04-11T20:24:48+08:00

Best Answer

HBruijn

2016-04-11T20:24:48+08:002016-04-11T20:24:48+08:00

Typically you want to block everything that isn't explicitly allowed and should add a final rule after what you already have :

-A INPUT -j REJECT --reject-with icmp-host-prohibited

0

Firewall rules on a hosting (dedicated server)

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?