Linode Forum
Linode Community Forums
 Post subject: iptables question
PostPosted: Sun Nov 21, 2010 7:18 pm 
Senior Newbie

Joined: Wed Oct 20, 2010 2:47 pm
Posts: 11
My Linode was recently hacked into. I'd like to lock down all my unused ports and then only open access to those I need.

In the firewall guides there is a description of how to do this. If I understand the iptables commands, they first drop everything, then open those that are needed. I want to type these commands manually to check them out first. My question is: if I'm on an ssh session and I drop everything, how can I continue to implement the rest of my table?

Thanks in advance for your help.

bob


 Post subject:
PostPosted: Sun Nov 21, 2010 7:49 pm 
Senior Member

Joined: Fri Oct 24, 2003 3:51 pm
Posts: 965
Location: Netherlands
Use Lish to connect to your Linode's console instead of using SSH to connect to your Linode.

_________________
/ Peter


 Post subject:
PostPosted: Sun Nov 21, 2010 8:43 pm 
Senior Member

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
IPTABLES rules are processed top down.

If your first rule is DROP EVERYTHING - that's the ONLY rule that will ever be applied.


 Post subject:
PostPosted: Mon Nov 22, 2010 11:03 am 
Senior Newbie

Joined: Wed Oct 20, 2010 2:47 pm
Posts: 11
I was planning to use a variation of the commands listed in the iptables Linode document as below:


====== begin snip from iptables Linode document ====
Block All Traffic and Allow Traffic on Specific Ports

One common approach to firewall architecture involves blocking all traffic to the system by default and then allowing traffic on specific ports. Consider the following sequence of commands:

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -m multiport --destination-ports 22,25,53,80,433,465,5222,5269,5280,8999:9003 -j ACCEPT
iptables -A INPUT -p udp -m multiport --destination-ports 53 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

====== end quote =======

If I'm manually entering these on a terminal session do I need to enter them in reverse order?

Thanks again for your help.

bob


 Post subject:
PostPosted: Mon Nov 22, 2010 5:52 pm 
Senior Member

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
icanbob wrote:
If I'm manually entering these on a terminal session do I need to enter them in reverse order?

No, that would probably not give you the results you're looking for.

Best to just type in the script, and run it all at once.

Better yet - google around for a few iptables tutorials and use those to parse what the scripts you're looking at actually do - that way, instead of blindly following something that is supposed to secure your box, you'll actually know what it's doing.

Like most sysadmin stuff - the basics of iptables are not all that hard to grasp - it just takes a bit of reading (and of course it won't hurt to set up a local VM and play around with it in a sandboxed, safe environment).


 Post subject:
PostPosted: Mon Nov 22, 2010 6:02 pm 
Senior Newbie

Joined: Thu Feb 05, 2009 4:26 pm
Posts: 10
What distro are you using? If Ubuntu, I'd suggest looking into ufw.

Then you would just create a rule to allow ssh before enabling ufw.


 Post subject:
PostPosted: Sun Nov 28, 2010 4:56 pm 
Senior Member

Joined: Sun Oct 30, 2005 7:52 pm
Posts: 97
icanbob wrote:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -m multiport --destination-ports 22,25,53,80,433,465,5222,5269,5280,8999:9003 -j ACCEPT
iptables -A INPUT -p udp -m multiport --destination-ports 53 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


Bob, based on the above, the rule for OUTPUT is not necessary, unless you omitted setting the policy for OUTPUT to DROP. I would suggest adding a rule to allow traffic on the local interface.

--
Travis

