Host Node - IPtables config

Discussion in 'Operating a Hosting Business' started by Bruce, Jun 26, 2015.

  1. Bruce

    Bruce New Member Verified Provider

    31
    6
    Apr 13, 2015
    I'm looking at improving/checking my security on host nodes. Does anyone have info to share on a good IPtables setup for host nodes?

    My node setup:

    CentOS 6.6 x64

    OpenVZ

    Virtualizor

    Nodewatch

    I'm not looking for help on basic hardening (I think I'm OK there).

    IPtables setup is initially done by virtualizor, but having issues with DNS (no access to external DNS). Can't find much via google. Was hoping to find some blog/tutorials out there.

    any tips on stress-testing / pen-testing a host node is welcome too, please.
     
  2. Bruce

    Bruce New Member Verified Provider

    31
    6
    Apr 13, 2015
  3. Husky

    Husky Verified Dog Verified Provider

    28
    23
    Sep 26, 2014
    Bruce likes this.
  4. seco

    seco New Member

    1
    0
    Aug 30, 2018
    Hello,

    I would like to add a very useful note about iptables firewall rules which is the order.
    Ex: if you accept a traffic by a rule and drop the traffic by a second following rule, the traffic won't be dropped because you already accept that traffic.
    This is different than anyone think of a queue.
    This tutorial discusses that iptables firewall
    One last thing to keep in mind. Don't EVER drop SSH packets, otherwise, you will not be able to login unless you can access KVM to restore it back.
    Hope it helps.
    Regards,