Many times I saw on the forum questions about how to set up iptables, and usually the answer they got from you or other people is: go to Webmin > Networking > Linux Firewall .... "Reset Firewall" .... "Block all except ports used for virtual hosting, on interface: ###".
Now everything is fine, not perfect but OK for a decent start, aside from one thing: on CentOS 6 and 7 it will produce a wrong rule.
Instead of "-A INPUT -i lo -j ACCEPT", i.e. "Accept if input interface is lo",
it will use "-A INPUT ! -i lo -j ACCEPT", i.e. "Accept if input interface is not lo".
By my understanding this means that anything that doesn't come from the "lo" interface is allowed, and because this is the first rule it will basically override the other rules (correct me if I'm wrong), leaving all ports on the server open.
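Added example, not code from the thread or from Webmin: a small Python linter over iptables-save output that flags the kind of blanket ACCEPT the post describes (a negated `! -i lo -j ACCEPT` sitting first in INPUT, which admits all traffic from every other interface) while leaving the intended `-i lo -j ACCEPT` alone. The sample rule set is constructed for the example.

```python
import shlex
# Constructed sample resembling the rule set the post describes (not real Webmin output).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT ! -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
"""

# Options that narrow what a rule matches beyond the input interface.
RESTRICTING = {"-p", "--protocol", "-s", "--source", "-d", "--destination",
               "--dport", "--sport", "-m", "--match"}

def parse_rules(text):
    """Yield (chain, tokens) for each '-A' line of iptables-save output."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-A "):
            toks = shlex.split(line)
            yield toks[1], toks[2:]

def interface_match(tokens):
    """Return (negated, iface) for an input-interface match, or None."""
    for idx, tok in enumerate(tokens):
        if tok in ("-i", "--in-interface"):
            # iptables-save writes negation as "! -i lo" (newer) or "-i ! lo" (older).
            if tokens[idx + 1] == "!":
                return True, tokens[idx + 2]
            return idx > 0 and tokens[idx - 1] == "!", tokens[idx + 1]
    return None

def is_blanket_accept(tokens):
    """True for an ACCEPT whose only match is a negated or non-loopback interface."""
    if "-j" not in tokens or tokens[tokens.index("-j") + 1] != "ACCEPT":
        return False
    if any(t in RESTRICTING for t in tokens):
        return False
    return interface_match(tokens) != (False, "lo")  # plain '-i lo' is the intended rule

def find_blanket_accepts(text, chain="INPUT"):
    """Return (position, rule) for every blanket ACCEPT in the chain, first rule first."""
    hits, pos = [], 0
    for ch, tokens in parse_rules(text):
        if ch == chain:
            pos += 1
            if is_blanket_accept(tokens):
                hits.append((pos, " ".join(tokens)))
    return hits
```

Running `find_blanket_accepts` over real `iptables-save` output reports the position of each offending rule, so a rule at position 1 is the one that shadows everything after it.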
Comments
Submitted by JamieCameron on Sat, 06/06/2015 - 22:24 Comment #1
When you did this reset, which interface did you choose? If it was lo, then the rule is correct as it will allow all traffic on other interfaces - normally you'd want to select the primary external ethernet interface, like eth0.
Looks like Firefox was playing games with me. Only when I entirely deleted the cache from the browser did I see the second option. I never used this as I build firewall rules myself, but yesterday I was testing a few things and then this jumped out. Please delete this ticket or mark it solved/closed.
Submitted by JamieCameron on Sun, 06/07/2015 - 12:55 Comment #3