On Sat, 2007-02-17 at 09:15 -0600, Neil Aggarwal wrote:
Hello:
When I installed CentOS 4.4 (from the ServerCD) on my server, I told it not to install a firewall and I disabled SELinux. The server is a SuperMicro 5015P-TR.
I set up my own /etc/init.d/firewall with these rules:
#!/bin/sh
# Firewall script
#
# Source function library
. /etc/init.d/functions

RETVAL=0

# Some definitions (Will need to change ETH0_IP to match your configuration)
ETH0_IP=38.114.192.86

# See how we were called.
case "$1" in
  start)
        echo -n "Starting firewall: "
        /sbin/modprobe ip_conntrack_ftp

        # Set the default policies to drop all packets
        /sbin/iptables -P INPUT DROP
        /sbin/iptables -P OUTPUT DROP
        /sbin/iptables -P FORWARD DROP

        # Flush any existing rules
        /sbin/iptables -F

        # Allow loopback traffic
        /sbin/iptables -A INPUT -i lo -j ACCEPT
        /sbin/iptables -A OUTPUT -o lo -j ACCEPT

        # Allow icmp protocol packets
        /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p icmp -j ACCEPT
        /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p icmp -j ACCEPT

        # Allow ssh connections from the outside world
        /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p tcp --sport 1024: --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
        /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p tcp --sport ssh --dport 1024: -m state --state ESTABLISHED -j ACCEPT
Why not use ESTABLISHED,RELATED instead of just ESTABLISHED?

Can you also consider giving us the result of `iptables -L -v -n --line-numbers`? That gives a better view of what the system is using as iptables rules ...
<snip>
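The two points raised in the reply, as an added example that is not part of the original post or of the reply: the quoted rule set reworked so that a single ESTABLISHED,RELATED rule per direction replaces the per-service ESTABLISHED rules (which is also what gives the ip_conntrack_ftp helper loaded by the original script something to do, since it marks FTP data connections as RELATED), plus a small audit that reads `iptables -L -v -n --line-numbers` output and reports rules whose state match is ESTABLISHED alone. ETH0_IP is the address from the post; the IPT and MODPROBE variables are assumptions that default to `echo` so the rules are printed rather than applied; the listing at the bottom is constructed by hand to resemble what the quoted rules would show, counters included. As in the original, outbound NEW connections are still dropped by policy.

```shell
#!/bin/sh
# Added example, not code from the original post or the reply.
#  - apply_rules: the quoted rule set with one ESTABLISHED,RELATED rule per
#    direction; only NEW connections then need a rule of their own.
#  - audit_state_rules: reads `iptables -L -v -n --line-numbers` output and
#    prints CHAIN:NUM for every rule that matches state ESTABLISHED alone.
# Assumptions (not in the original): IPT and MODPROBE default to "echo ..."
# so nothing is applied; SAMPLE_LISTING is a hand-constructed listing.

ETH0_IP="${ETH0_IP:-38.114.192.86}"
IPT="${IPT:-echo /sbin/iptables}"
MODPROBE="${MODPROBE:-echo /sbin/modprobe}"

apply_rules() {
    # The FTP helper marks data connections as RELATED; without a RELATED
    # rule, loading it changes nothing about what is accepted.
    $MODPROBE ip_conntrack_ftp

    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    $IPT -F

    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Anything belonging to, or related to, a tracked connection: replies,
    # FTP data connections, ICMP errors for our own flows.
    $IPT -A INPUT  -i eth0 -d "$ETH0_IP" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -o eth0 -s "$ETH0_IP" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Unsolicited traffic we choose to accept, and new inbound ssh sessions.
    # The separate OUTPUT rule for ssh replies is no longer needed.
    $IPT -A INPUT  -i eth0 -d "$ETH0_IP" -p icmp -j ACCEPT
    $IPT -A OUTPUT -o eth0 -s "$ETH0_IP" -p icmp -j ACCEPT
    $IPT -A INPUT  -i eth0 -d "$ETH0_IP" -p tcp --dport ssh -m state --state NEW -j ACCEPT
}

# Reads `iptables -L -v -n --line-numbers` output on stdin. Prints CHAIN:NUM
# for each rule whose state match is exactly ESTABLISHED (NEW,ESTABLISHED
# and ESTABLISHED,RELATED are left alone) and returns 1 if any were found.
audit_state_rules() {
    awk '
        /^Chain / { chain = $2; next }
        {
            for (i = 1; i < NF; i++)
                if ($i == "state" && $(i + 1) == "ESTABLISHED") {
                    print chain ":" $1
                    found = 1
                }
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed listing (not real output) resembling what the quoted rules
# would produce; only OUTPUT rule 3 matches ESTABLISHED on its own.
SAMPLE_LISTING=$(cat <<'EOF'
Chain INPUT (policy DROP 12 packets, 840 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       40  3200 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        3   252 ACCEPT     icmp --  eth0   *       0.0.0.0/0            38.114.192.86
3      210 15120 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            38.114.192.86       tcp spts:1024:65535 dpt:22 state NEW,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy DROP 5 packets, 300 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       40  3200 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
2        3   252 ACCEPT     icmp --  *      eth0    38.114.192.86        0.0.0.0/0
3      180 20400 ACCEPT     tcp  --  *      eth0    38.114.192.86        0.0.0.0/0           tcp spt:22 dpts:1024:65535 state ESTABLISHED
EOF
)

# Dry run: print the rules, then audit the constructed listing.
apply_rules
printf '%s\n' "$SAMPLE_LISTING" | audit_state_rules \
    || echo "above: rules matching ESTABLISHED without RELATED"
```

Run as-is to see the rules it would issue; to apply them for real, run it as root with `IPT=/sbin/iptables MODPROBE=/sbin/modprobe`. To audit a live box, source the file and pipe the real `iptables -L -v -n --line-numbers` output into `audit_state_rules`; a non-zero return means at least one rule accepts ESTABLISHED without RELATED.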