#1 2016-10-27 15:23:31

archtom
Member
Registered: 2011-05-04
Posts: 58

iptables reasonable security values

Hey,

I recently worked on our iptables script. One part was hardening the config and giving it more security. I got everything working so far, but I don't have any experience setting reasonable values for the security regarding the values of the limits.

I found the limits used below on other websites while researching. I did not adjust them yet and I did not compare or optimize them to each other. It is still work in progress. This is what I need help with. The iptables config is for a small business server that includes:
internal subnet: ssh, samba, cups, cubesql
outside: http, https (with nginx, baikal, datarooms, owncloud), dns, ftp, openvpn, ntp, git
The Linux computer is not the gateway; it is behind a router / gateway.
Our internet connection is 100 Mbit download and 12 Mbit upload.

I started the script with a very helpful basic construct from the German Arch Linux wiki and developed it further. The full script is used as part of a distro-independent, profile-based network select script I wrote. That's where the network part comes from. I would recommend running the script while the network is set up completely. The full script can be found here:
https://github.com/tiiiecherle/linux_sc … _server.sh

I would be very happy for any kind of feedback for making this better, fitting the needs and adding security. You can also submit pull requests or issues on GitHub. But the most important part to me would be adjusting the limits.

Thanks

Last edited by archtom (2016-10-31 20:10:33)

#2 2016-10-31 20:12:11

archtom
Member
Registered: 2011-05-04
Posts: 58

Re: iptables reasonable security values

I updated the first post and deleted the values, as the ones in the script are updated on GitHub after a lot of research.

Everything seems to work on the connection sides, but I still don't know how secure it is.

Hopefully someone can come up and give me feedback for the script, either good or to make it better ;)

Thanks

Last edited by archtom (2016-10-31 21:25:17)
