[CentOS] [CENTOS ]IPTABLES - How Secure & Best Practice

Wed Jun 29 15:15:46 UTC 2016
Paul Heinlein <heinlein at madboa.com>

On Wed, 29 Jun 2016, Leon Vergottini wrote:

> I am busy teaching myself iptables [....]
>
> How secure is this setup?  Are there any mistakes or things that I 
> need to look out for?

It's only as secure as your web stack (and, in your case, SSH 
configuration).

Packet filtering is a necessary security tool, but it's not sufficient 
for total security. Much harder is auditing the pieces of your 
applications:

* locked-down application configuration(s),
* decent password policy,
* access controls (mandatory and discretionary) that limit exposure
   to exploits or vulnerabilities,
* timely patching,
* good service monitoring combined with a remediation plan should
   things go awry,
* good crypto configuration,
* etc., etc.

In other words, packet filtering is a good start toward a secure 
system, but no more than that.

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/