Re: [CENTOS ]IPTABLES - How Secure & Best Practice




On Fri, Jul 1, 2016 at 2:16 AM, Ned Slider <ned@xxxxxxxxxxxxxx> wrote:
>
> Try running:
>
> iptables -nv -L

Yes!
Much sunlight awakening crusty synapses here. :-)

>
> The first thing I would do is move your ESTABLISHED,RELATED rule to the top
> of the chain. Once you've accepted the first packet you may as well accept
> the rest of the stream as quickly and efficiently as possible as you've
> established the connection is not malicious.

Yes - this is by far the rule with the most packets and bytes.
The rule goes to the top.

>
> What is the default policy for the FORWARD table?

Probably a little paranoid, but all my filter policies are "DROP"


> For example, if you trust all traffic coming from inside your
> network that is destined for the outside and want to pass that traffic
> without testing for all those tcp flags (and any other rules), you could do
> something like:
>
> -A FORWARD -p all -i LAN-NIC -o INET-NIC -j ACCEPT

I'm definitely going to test a few different configurations.
Your input is really appreciated; great nudge!

Best regards,

Mike
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
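The ordering advice from the thread (ESTABLISHED,RELATED accepted first, DROP policies, LAN-to-Internet forwarding passed early) as one iptables-restore style ruleset, added here as an example and not taken from the thread or from CentOS. It assumes the `-m conntrack --ctstate` match, keeps the post's `LAN-NIC`/`INET-NIC` placeholder interface names, and only writes and checks the ruleset rather than loading it.

```shell
#!/bin/sh
# Added example: emit a ruleset in iptables-restore format and check that
# the rule order matches the advice in the thread. Nothing is loaded into
# the kernel; the output is meant for `iptables-restore --test` or review.

# Default policy DROP on all three filter chains. The ESTABLISHED,RELATED
# rule is the first rule in INPUT, FORWARD and OUTPUT so the bulk of every
# accepted stream matches once and skips every later test. LAN-NIC and
# INET-NIC are placeholders, not real interface names.
gen_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i LAN-NIC -o INET-NIC -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin; succeed only if the first -A rule of CHAIN is the
# ESTABLISHED,RELATED accept (the check the thread recommends doing by eye
# on `iptables -nv -L`, where that rule should carry the most packets).
first_rule_is_conntrack() {
    chain="$1"
    first=$(grep -e "^-A $chain " | head -n 1)
    case "$first" in
        *"--ctstate ESTABLISHED,RELATED -j ACCEPT"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read a ruleset on stdin and print the default policy of CHAIN.
policy_of() {
    awk -v c=":$1" '$1 == c { print $2 }'
}

# Stand-alone use: write the ruleset and report the ordering check.
if [ "${1:-}" = "write" ]; then
    gen_ruleset > rules.v4 && echo "wrote rules.v4"
    gen_ruleset | first_rule_is_conntrack FORWARD && echo "FORWARD order ok"
fi
```

Run `sh script.sh write` to produce `rules.v4`, then `iptables-restore --test rules.v4` (as root) to syntax-check it before applying.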


