Soldato
- Joined
- 18 May 2010
- Posts
- 22,942
- Location
- London
Do you set the default policy to accept and then include at the bottom of the rules a reject all, or is it better to set the default policy to drop but then add in your exclusions?
Leads me on to a second question which I haven't got my head round yet. We are having some issues at work with an IPS deny/blocking/dropping packets between clients and servers which makes it a tad more complex to work out what effect my iptables are having on connectivity.
Scenario is this:
I deployed a web app that has a section where you can set up LDAP authentication, which I have done and is working. It is this part that the IPS is getting fussy about and sometimes logging in takes ages/times out and others times it works.
Anyway.....
So I set up the iptables like this:
Chain INPUT (policy DROP 2 packets, 72 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
49 5844 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:tproxy
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 774 packets, 55134 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any lo anywhere anywhere
33 5009 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
My question is, LDAP is configured to use port 389 to the Active directory. Will I need to open up these ports in the OUTPUT chain or will the fact that I have specified that any connection that is initiated first is allowed out also cover these connections?
Hard to tell if it's the firewall blocking LDAP authentication or if the IPS is the issue.
Leads me on to a second question which I haven't got my head round yet. We are having some issues at work with an IPS deny/blocking/dropping packets between clients and servers which makes it a tad more complex to work out what effect my iptables are having on connectivity.
Scenario is this:
I deployed a web app that has a section where you can set up LDAP authentication, which I have done and is working. It is this part that the IPS is getting fussy about and sometimes logging in takes ages/times out and others times it works.
Anyway.....
So I set up the iptables like this:
Chain INPUT (policy DROP 2 packets, 72 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
49 5844 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:tproxy
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 774 packets, 55134 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any lo anywhere anywhere
33 5009 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
My question is, LDAP is configured to use port 389 to the Active directory. Will I need to open up these ports in the OUTPUT chain or will the fact that I have specified that any connection that is initiated first is allowed out also cover these connections?
Hard to tell if it's the firewall blocking LDAP authentication or if the IPS is the issue.
Last edited:
