iptablesrocks.org - Deploying the firewall
You should see an output like this:
Chain INPUT (policy DROP)
target       prot opt source                destination
ACCEPT       all  --  anywhere              anywhere              state RELATED,ESTABLISHED
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:ftp-data
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:ftp
LOG_ACCEPT   tcp  --  anywhere              anywhere              tcp dpt:ssh
LOG_ACCEPT   tcp  --  anywhere              anywhere              tcp dpt:smtp
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:nicname
ACCEPT       udp  --  anywhere              anywhere              udp dpt:domain
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:http
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:pop3
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:imap
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:https
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:imaps
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:mysql
ACCEPT       all  --  localhost.localdomain anywhere
icmp_packets icmp --  anywhere              anywhere
LOG_DROP     all  --  anywhere              anywhere

Chain FORWARD (policy DROP)
target       prot opt source                destination

Chain OUTPUT (policy DROP)
target       prot opt source                destination
ACCEPT       all  --  anywhere              anywhere              state RELATED,ESTABLISHED
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:ftp-data
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:ftp
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:ssh
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:telnet
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:smtp
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:nicname
ACCEPT       udp  --  anywhere              anywhere              udp dpt:domain
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:http
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:pop3
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:imap
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:https
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:imaps
ACCEPT       tcp  --  anywhere              anywhere              tcp dpt:mysql
ACCEPT       all  --  anywhere              localhost.localdomain
icmp_packets icmp --  anywhere              anywhere
LOG_DROP     all  --  anywhere              anywhere

Chain LOG_ACCEPT (2 references)
target       prot opt source                destination
LOG          all  --  anywhere              anywhere              LOG level warning tcp-options ip-options prefix `[IPTABLES ACCEPT] : '
ACCEPT       all  --  anywhere              anywhere

Chain LOG_DROP (2 references)
target       prot opt source                destination
LOG          all  --  anywhere              anywhere              LOG level warning tcp-options ip-options prefix `[IPTABLES DROP] : '
DROP         all  --  anywhere              anywhere

Chain icmp_packets (2 references)
target       prot opt source                destination
ACCEPT       icmp --  anywhere              anywhere              icmp echo-reply
ACCEPT       icmp --  yourhostname          anywhere              icmp echo-request
DROP         icmp --  anywhere              anywhere              icmp echo-request
ACCEPT       icmp --  anywhere              anywhere              icmp destination-unreachable
ACCEPT       icmp --  anywhere              anywhere              icmp time-exceeded

Congratulations. Your server now has an active firewall. Technically speaking, you can stop here and you should have a decent firewall set up for your
web server. In the next few steps we will test the functionality of the firewall and we will also install a log analyzer that will provide us with a web-based
log monitor. Additionally, I'll show you how to ensure that your new firewall starts up on boot.
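
An added check, not part of the original guide: the script below reads iptables -L output on stdin and verifies the properties visible in the listing above (policy DROP on the three built-in chains, LOG_DROP as the last rule of INPUT and OUTPUT, the LOG_DROP chain ending in DROP), then lists the inbound ports that are accepted. The function names sample_listing and check_listing and the shortened sample listing are constructed for this example.

```shell
# Added example: audit `iptables -L` output (stdin) against the listing above.
sample_listing() {  # constructed, shortened copy of the listing for offline runs
  cat <<'EOF'
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG_ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG_DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG_DROP all -- anywhere anywhere
Chain LOG_DROP (2 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `[IPTABLES DROP] : '
DROP all -- anywhere anywhere
EOF
}

check_listing() {
  awk '
    /^Chain / {                          # "(policy DROP)" or "(2 references)"
      chain = $2
      if ($3 == "(policy") { p = $4; sub(/\)/, "", p); policy[chain] = p }
      next
    }
    NF == 0 || $1 == "target" { next }   # blank lines and column headers
    { last[chain] = $1 }                 # final target seen in each chain
    chain == "INPUT" && $1 ~ /ACCEPT$/ { # ACCEPT and LOG_ACCEPT rules
      for (i = 1; i <= NF; i++)
        if ($i ~ /^dpt:/) ports = ports " " $2 "/" substr($i, 5)
    }
    END {
      n = split("INPUT FORWARD OUTPUT", b, " ")
      for (i = 1; i <= n; i++)
        if (policy[b[i]] != "DROP") { print "FAIL policy " b[i]; bad = 1 }
      if (last["INPUT"] != "LOG_DROP")  { print "FAIL INPUT lacks LOG_DROP catch-all"; bad = 1 }
      if (last["OUTPUT"] != "LOG_DROP") { print "FAIL OUTPUT lacks LOG_DROP catch-all"; bad = 1 }
      if (last["LOG_DROP"] != "DROP")   { print "FAIL LOG_DROP does not end in DROP"; bad = 1 }
      print "inbound:" ports
      if (!bad) print "OK default-deny"
      exit bad + 0
    }'
}
sample_listing | check_listing
```

On the server itself, run iptables -L | check_listing as root after loading the ruleset; a non-zero exit status means one of the checks failed.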
http://www.iptablesrocks.org/guide/ruleset.php (3 of 4) [2/13/2004 8:04:54 PM]
