amuck-landowner

Host Node - IPtables config

Bruce

New Member
Verified Provider
I'm looking at improving/checking my security on host nodes. Does anyone have info to share on a good IPtables setup for host nodes?

My node setup:

CentOS 6.6 x64

OpenVZ

Virtualizor

Nodewatch

I'm not looking for help on basic hardening (I think I'm OK there).

IPtables setup is initially done by virtualizor, but having issues with DNS (no access to external DNS). Can't find much via google. Was hoping to find some blog/tutorials out there.

any tips on stress-testing / pen-testing a host node is welcome too, please.
 

seco

New Member
Hello,

I would like to add a very useful note about iptables firewall rules which is the order.
Ex: if you accept a traffic by a rule and drop the traffic by a second following rule, the traffic won't be dropped because you already accept that traffic.
This is different than anyone think of a queue.
This tutorial discusses that iptables firewall
One last thing to keep in mind. Don't EVER drop SSH packets, otherwise, you will not be able to login unless you can access KVM to restore it back.
Hope it helps.
Regards,
 
Top
amuck-landowner