Hello,
I recently implemented my first modified iptables config (previously I was using rules from one of the linode articles). Anyway, I've been watching my packet and byte counts closely via iptables -L -v and just wanted to verify that the general inbound and outbound packet activity I'm seeing is normal for a Linode.
For example, after zeroing the packet/byte counts with iptables -Z and then closing my local Terminal window, I simply let the server run for roughly 50 minutes or so before logging back in and running iptables -L -v. The resulting stats that piqued my interest are as follows:
From the input chain: accepted 58 packets / 6631 bytes specific to the related, established match rule.
From the output chain: accepted 76 packets / 7808 bytes accepted (output is basically accept all excluding one drop rule). There were also roughly 30 denied packets, so it seems that the firewall seems to be at least working to some extent.
Given that my apache server is currently disabled, are the above input and output numbers generally what I should be expecting from the output chain and input related/established rule when not much is happening on the box? I would've expected fewer transfered packets in both directions, but what seems like a lot to me--at least in regard to what I expected--- might not be significant to others.
I understand there are bots and whatnot randomly scanning IPs all day every day. I also understand that logging back in through ssh and issuing the iptables -L -v is also contributing to the packet numbers. I guess I just want to make sure that the behavior I'm seeing is not indicative of a rogue something or another manipulating my linode.
For what it's worth, I haven't installed too much on the VPS: A basic rails set up with apache, passenger, sphinx and mysql, imagemagick & related libraries, fail2ban, chkrootkit. Mail is not configured. I'm running Ubuntu lucid.
Thank you!
FAQ
Search
Members
Register
Login [ Anonymous ]
