Secure Your Kloxo Installation With Your Firewall/IPTABLES

This document provides instructions for securing a Kloxo installation with iptables firewall rules on CentOS. It includes stopping the iptables service, disabling it, and copying an iptables script to configure rules that allow SSH, DNS, HTTP/HTTPS, and Kloxo access while blocking all other connections. The script is enabled and started to activate the new firewall configuration.

Uploaded by

Matt Janecek
Copyright
© Attribution Non-Commercial (BY-NC)

leerraum blog: Secure your Kloxo Installation with your Firewall/IPTABLES http://alexbischof.blogspot.com/2011/04/secure-your-kloxo-installation-wi...

Thursday, April 7, 2011


Secure your Kloxo Installation with your Firewall/IPTABLES


Stop iptables service: /etc/init.d/iptables stop

Disable iptables service: chkconfig iptables off


Copy this code to /etc/init.d/firewall (Reminder: disable "word wrap" in your text editor, e.g. nano -w /etc/init.d/firewall):

    #!/bin/sh
    # firewall
    # chkconfig: 3 21 91
    # description: Starts, stops iptables firewall

    case "$1" in
    start)
        # Clear rules
        iptables -t filter -F
        iptables -t filter -X
        echo "- Clear rules : [OK]"

        # SSH In
        iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
        echo "- SSH : [OK]"

        # Don't break established connections
        iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
        iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
        echo "- established connections : [OK]"

        # Block all connections by default
        iptables -t filter -P INPUT DROP
        iptables -t filter -P FORWARD DROP
        iptables -t filter -P OUTPUT DROP
        echo "- Block all connections : [OK]"

        # Loopback
        iptables -t filter -A INPUT -i lo -j ACCEPT
        iptables -t filter -A OUTPUT -o lo -j ACCEPT
        echo "- Loopback : [OK]"

        # ICMP (Ping)
        iptables -t filter -A INPUT -p icmp -j ACCEPT
        iptables -t filter -A OUTPUT -p icmp -j ACCEPT
        echo "- PING : [OK]"

        # DNS In/Out
        iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
        iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
        iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
        iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
        echo "- DNS : [OK]"

        # NTP Out
        iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
        echo "- NTP : [OK]"

        # FTP Out
        iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
        iptables -t filter -A OUTPUT -p tcp --dport 30000:50000 -j ACCEPT
        # FTP In
        iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
        iptables -t filter -A INPUT -p tcp --dport 30000:50000 -j ACCEPT
        iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        echo "- FTP : [OK]"

        # HTTP + HTTPS Out
        iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
        iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
        # HTTP + HTTPS In
        iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
        iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
        echo "- HTTP/HTTPS : [OK]"

        # Mail SMTP:25
        iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
        iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
        echo "- SMTP : [OK]"

        # Mail POP3:110
        iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
        iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
        echo "- POP : [OK]"

        # Mail IMAP:143
        iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
        iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
        echo "- IMAP : [OK]"

        # Kloxo
        iptables -t filter -A INPUT -p tcp --dport 7777:7778 -j ACCEPT
        iptables -t filter -A OUTPUT -p tcp --dport 7777:7778 -j ACCEPT
        echo "- Kloxo : [OK]"

        echo "- Firewall [OK]"
        exit 0
        ;;
    stop)
        echo "Stopping Firewall: "
        iptables -P INPUT ACCEPT
        iptables -P OUTPUT ACCEPT
        iptables -t filter -F
        exit 0
        ;;
    *)
        echo "Usage: /etc/init.d/firewall {start|stop}"
        exit 1
        ;;
    esac

Enable/Start Firewall Service

    chmod 700 /etc/init.d/firewall

Add firewall service: chkconfig --add firewall

Auto start firewall: chkconfig --level 2345 firewall on

Start firewall: /etc/init.d/firewall start


If you have a slave server, add this on the master:

    iptables -t filter -A INPUT -p tcp -s SLAVE_IP --dport 7779 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -d SLAVE_IP --dport 7779 -j ACCEPT

Note: replace SLAVE_IP with your slave server IP.

Add this on the slave server:

    iptables -t filter -A INPUT -p tcp -s MASTER_IP --dport 7779 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -d MASTER_IP --dport 7779 -j ACCEPT

Note: replace MASTER_IP with your master server IP.

After all that, it is always a good idea to restart Apache:

    /sbin/service httpd restart
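To confirm that the running ruleset matches what the firewall script is meant to open, the following added example (not part of the original post) parses iptables-save output and reports any inbound port that is not on the script's list. The function names, the EXPECTED list and the sample dump are constructed for illustration; a master/slave setup would also add tcp/7779 to the list.

```sh
#!/bin/sh
# Added example: audit an iptables-save dump against the ports the script opens.
# Constructed sample of `iptables-save -t filter` output; tcp/3306 is deliberate drift.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 30000:50000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7777:7778 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT'

# Inbound ports the page's script opens, written as proto/port.
EXPECTED='tcp/22 tcp/53 udp/53 tcp/20:21 tcp/30000:50000 tcp/80 tcp/443 tcp/25 tcp/110 tcp/143 tcp/7777:7778'

# Print the default policy of chain $1 from a dump on stdin.
chain_policy() {
    awk -v c=":$1" '$1 == c { print $2 }'
}

# Print proto/port for every INPUT ACCEPT rule that matches on --dport.
open_inbound() {
    awk '$1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        proto = ""; port = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if (port != "") print proto "/" port
    }'
}

# Print opened ports that are not in EXPECTED (configuration drift).
unexpected_inbound() {
    open_inbound | while read -r p; do
        case " $EXPECTED " in *" $p "*) ;; *) echo "$p" ;; esac
    done
}
```

On a live host, pipe `iptables-save -t filter` into `chain_policy INPUT` and `unexpected_inbound`; a policy of DROP and empty output from the second command mean the ruleset matches the script.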


Labels: centos, Kloxo
