Comment on "Creating my Dream Server for Django". Quick summary of the post:
Recently I redid my server to have a solid Django serving atmosphere: apache2, Python 2.5, memcached, lighttpd for serving static media. These are the cleaned up and formatted notes I used to guide myself through the installation process on my 256 meg SliceHost slice.
Comment written by Ian on January 3rd 2008, 23:33:
Here are the steps that I used to set up iptables on my slice.
Note that these instructions assume that iptables is currently configured to accept all connections, which is the original state for a new Ubuntu slice.
Set up iptables according to https://help.ubuntu.com/community/IptablesHowTo. Note that the SSH port might not be the standard port (22) for security reasons (it might have been changed to another number in your setup of SSH; see "Get started with your new Ubuntu slice").
Also, the line accepting connections on port 443 (the standard HTTPS port) is optional.
Become the root user, and set a shell variable naming your SSH port:
sudo -i
export SSH_PORT=<put your ssh port number here>
Make a new chain to log and then drop disallowed connections (this is optional, but if it is not used, be sure to make the change described below for when logging is not desired):
iptables -N LOGNDROP
Then set up the chains:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport $SSH_PORT -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 443 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j LOGNDROP
iptables -A LOGNDROP -p tcp -m limit --limit 5/min -j LOG --log-prefix "Denied TCP: " --log-level 7
iptables -A LOGNDROP -p udp -m limit --limit 5/min -j LOG --log-prefix "Denied UDP: " --log-level 7
iptables -A LOGNDROP -p icmp -m limit --limit 5/min -j LOG --log-prefix "Denied ICMP: " --log-level 7
iptables -A LOGNDROP -j DROP
If you don't care about logging denied attempts (and didn't create the LOGNDROP chain above), change the line
iptables -A INPUT -j LOGNDROP
to
iptables -A INPUT -j DROP
and don't bother with any more of the lines.
Take a look at the setup (if you are interested):
iptables -L
To restore this iptables configuration after a reboot, save the iptables configuration in a new file /etc/iptables.up.rules and add a line at the end of the file /etc/network/interfaces to read it in:
iptables-save > /etc/iptables.up.rules
echo "pre-up iptables-restore < /etc/iptables.up.rules" >> /etc/network/interfaces
Stop being the root user:
exit
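As an added check (my own example, not part of Ian's comment): before trusting the saved /etc/iptables.up.rules to come back at boot, this script reads a ruleset in iptables-save format and confirms that the rules which keep you from locking yourself out (established traffic, the SSH port, loopback, and a catch-all drop last) are present and in the right order. The sample ruleset is constructed and uses a placeholder SSH port of 2222.

```shell
# Verify a ruleset in iptables-save format. Returns 0 when every required
# rule is present, non-zero (with a message per problem) otherwise.
check_ruleset() {
    rules="$1"; ssh_port="$2"; rc=0
    # Established/related traffic must be allowed or existing sessions break.
    grep -q -- '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' "$rules" \
        || { echo "missing: ESTABLISHED,RELATED accept"; rc=1; }
    # The SSH port must be accepted explicitly, or the catch-all locks you out.
    grep -q -e "-A INPUT .*-p tcp .*--dport $ssh_port -j ACCEPT" "$rules" \
        || { echo "missing: accept for SSH port $ssh_port"; rc=1; }
    # Loopback must be accepted; memcached and lighttpd are reached over lo.
    grep -q -- '-A INPUT -i lo -j ACCEPT' "$rules" \
        || { echo "missing: loopback accept"; rc=1; }
    # The last INPUT rule must be the catch-all (LOGNDROP or plain DROP).
    last=$(grep -- '-A INPUT ' "$rules" | tail -n 1)
    case "$last" in
        *"-j LOGNDROP" | *"-j DROP") ;;
        *) echo "last INPUT rule is not a catch-all drop: $last"; rc=1 ;;
    esac
    # If LOGNDROP is used it must exist and must itself end in DROP.
    if grep -q -- '-j LOGNDROP' "$rules"; then
        grep -q -- '^:LOGNDROP ' "$rules" \
            || { echo "LOGNDROP referenced but never created"; rc=1; }
        grep -q -- '-A LOGNDROP -j DROP' "$rules" \
            || { echo "LOGNDROP chain does not end with DROP"; rc=1; }
    fi
    return $rc
}

# Constructed sample of what iptables-save emits for the rules in the comment,
# with SSH_PORT=2222 (a placeholder value). Written to the file named in $1.
sample_ruleset() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LOGNDROP - [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j LOGNDROP
-A LOGNDROP -j DROP
COMMIT
EOF
}
```

On the slice itself, run it as `check_ruleset /etc/iptables.up.rules "$SSH_PORT"` right after the iptables-save step and fix anything it reports before rebooting.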