Hi,
You need to drop all and allow the services that are required; that is the best practice.
hare
----- Original Message -----
From: "Rakotomandimby (R12y) Mihamina" <mihamina.rakotomandimby@xxxxxxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Friday, May 13, 2005 5:23 PM
Subject: just a remind
Hello.
I have a rule set and I want to disable the access to my server for some IPs (they are "request flooding" me, and it's just a temporary rejection, just to give me the time to set up the scaling of the server).
- I have the policy rules at the beginning (they DROP all by default)
- then I have the allowing rules for port 80 TCP (web server)
- then allow ssh for all (dynamic IP at the admin's home)
- then follows the restriction: I reject the IPs I want to reject on all ports.
Are those the right steps? Or should I reject them _before_ allowing 80 TCP for all?
It's iptables 1.2.10 and 1.2.11.
Thank you for all.
--
ASPO Infogérance http://aspo.rktmb.org/activites/infogerance
Unofficial FAQ fcolc http://faq.fcolc.eu.org/
LUG for Orléans and the surrounding area (France).
Tel.: 02 34 08 26 04 / 06 33 26 13 14
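
The ordering question in the original message, worked through as an added example that is not part of the thread: netfilter walks a chain top to bottom and the first rule with a terminating target decides, so a per-source block placed after the ACCEPT for port 80 never sees that host's web traffic. The model is simplified (TCP only, no state or interface matches), and the source addresses are constructed from documentation ranges.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    target: str                   # terminating target: ACCEPT or DROP
    src: Optional[str] = None     # source host or network, None = any
    dport: Optional[int] = None   # TCP destination port, None = any

    def matches(self, src_ip, dport):
        if self.src and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        return self.dport is None or self.dport == dport

    def as_iptables(self):
        """Render the rule as the equivalent iptables append command."""
        parts = ["iptables -A INPUT"]
        if self.src:
            parts.append(f"-s {self.src}")
        if self.dport is not None:
            parts.append(f"-p tcp --dport {self.dport}")
        parts.append(f"-j {self.target}")
        return " ".join(parts)

def verdict(rules, src_ip, dport, policy="DROP"):
    """First matching rule decides; the chain policy applies only if none match."""
    for rule in rules:
        if rule.matches(src_ip, dport):
            return rule.target
    return policy

FLOODERS = ["203.0.113.7", "198.51.100.0/24"]   # constructed sample sources
ALLOW = [Rule("ACCEPT", dport=80), Rule("ACCEPT", dport=22)]
BLOCK = [Rule("DROP", src=s) for s in FLOODERS]

as_posted = ALLOW + BLOCK      # order described in the question
blocks_first = BLOCK + ALLOW   # per-source blocks ahead of the service rules

if __name__ == "__main__":
    probes = [("203.0.113.7", 80), ("198.51.100.20", 22),
              ("192.0.2.10", 80), ("192.0.2.10", 25)]   # constructed packets
    for name, rules in (("as posted", as_posted), ("blocks first", blocks_first)):
        print(name)
        for src, port in probes:
            print(f"  {src} -> tcp/{port}: {verdict(rules, src, port)}")
    print("\n".join(r.as_iptables() for r in blocks_first))
```

With the order as posted, the flooding sources are still accepted on ports 80 and 22 and are dropped only on ports the default policy would have dropped anyway.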