Deranger Veteran
Joined: 26 Aug 2004 Posts: 1215
Posted: Mon Sep 06, 2004 6:17 am    Post subject: Simple IPTables script
<removed>
Last edited by Deranger on Tue Oct 12, 2004 2:50 pm; edited 9 times in total
Leprechaun n00b
Joined: 04 Oct 2003 Posts: 49 Location: Minnesota, USA
Posted: Mon Sep 06, 2004 4:06 pm
Check out the Gentoo Security Guide (http://www.gentoo.org/doc/en/gentoo-security.xml) for some ideas. I use some of the things in there, but most are either not necessary with my setup or haven't been implemented because of laziness.
One handy way of securing ssh further is to use RSA authentication and disallow passwords. Mind you this only really works if you have some sort of portable media; I put my rsa key on my usb keychain.
I don't have a whole lot of experience with iptables, but the ruleset is going to be dependent on what sort of setup you have. Do you want to be able to log in from any machine? Just your local network? Just one specific machine? The more limited you want/need your service to be, the more you can lock down access to the machine with iptables.
Another toy to look at is port knocking. Unfortunately I haven't set this up on my server, so I can't give you any first-hand advice. Basically, port knocking is a technique which allows you to remain closed off to the world (no open ports) until you receive a special "knock" (request ports 1000, 1005, 1002, 1002, 1003 in that order or something). Upon receiving the knock, the desired port (22 for ssh) opens and you can attempt to authenticate with ssh. Note that this does not bypass the ssh authentication, it's just another layer on top of it.
Hope those help to give you a bit of a starting point.
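Turning the advice above into a concrete ruleset, as an added example that is not Deranger's (removed) script and not part of the thread: a host firewall for a box whose only listening service is sshd. It assumes eth0 as the external interface and 192.0.2.0/24 as the only network allowed to open new SSH sessions (both constructed placeholders from the RFC 5737 documentation ranges, overridable through the environment). By default it only prints the rules so they can be reviewed; DRY_RUN=0 applies them.

```shell
#!/bin/sh
# Added example (not from the thread): host firewall for an SSH-only box.
# Assumed values, override via the environment: EXT_NIC is the external
# interface, ADMIN_NET the only network allowed to open new SSH sessions
# (192.0.2.0/24 is an RFC 5737 documentation range used as a placeholder).
EXT_NIC="${EXT_NIC:-eth0}"
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"

# fw_rules prints one iptables command per line instead of executing it,
# so the policy can be read, diffed or tested before it touches the kernel.
# Order matters: iptables walks INPUT top to bottom and the first match wins,
# so ESTABLISHED traffic is accepted before the narrower NEW-connection rule,
# and the LOG rule is rate limited so a port scan cannot fill the log.
fw_rules() {
    nic="$1"
    admin="$2"
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i $nic -p tcp -s $admin --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 4/second -j ACCEPT
iptables -A INPUT -m limit --limit 5/minute --limit-burst 10 -j LOG --log-prefix "FW_INPUT "
EOF
}

# fw_apply feeds the generated commands to a shell; the first failing
# command aborts the rest, so a typo cannot leave a half-applied policy
# unnoticed. Anything not accepted above falls through to the DROP policy.
fw_apply() {
    fw_rules "$EXT_NIC" "$ADMIN_NET" | sh -e
}

if [ "${DRY_RUN:-1}" = "1" ]; then
    fw_rules "$EXT_NIC" "$ADMIN_NET"
else
    fw_apply
fi
```

Apply it the first time from the console rather than over SSH: if ADMIN_NET does not cover the address you are connecting from, the DROP policy locks you out. Restricting port 22 to one source network is the iptables side of "the more limited you want your service to be"; key-only authentication in sshd is a separate, complementary layer.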
Deranger Veteran
Joined: 26 Aug 2004 Posts: 1215
Posted: Mon Sep 13, 2004 8:28 pm
So, what do you think of that IPTables script? I don't need any high-end security, but a simple script that increases the security of my box.
hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
Posted: Mon Sep 13, 2004 8:37 pm
Quote:
    Only service I need running is SSHD.
Why are you allowing web? Do you have a web server too?
Quote:
    # Allow WWW traffic
    iptables -A INPUT -i ${EXT_NIC} --protocol tcp --destination-port 80 -j ACCEPT
    iptables -A INPUT -i ${EXT_NIC} --protocol tcp --destination-port 443 -j ACCEPT
I would also get some logging in there.
Code:
    iptables -A INPUT -j LOG --log-prefix "FW_INPUT "
hanji
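The LOG rule only earns its keep if someone reads what it writes. As an added example (not hanj's code and not part of the thread), a small shell/awk summariser that counts the FW_INPUT hits per source address and destination port from syslog lines. The sample lines are constructed in the kernel's netfilter LOG layout (SRC=, DPT=, PROTO= fields) using RFC 5737 documentation addresses, with some fields trimmed for width.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the "FW_INPUT " LOG lines
# that hanj's rule produces, so the log gets read rather than just written.
# Parses the kernel's netfilter LOG format (SRC=... DPT=... fields).

# summarize_fw_log reads log lines on stdin and prints
#   <hits> <source IP> <destination port>
# for every source/port pair, busiest first. Lines without the prefix
# (ordinary kernel messages) are ignored; packets with no DPT field
# (ICMP, for instance) are reported with "-" as the port.
summarize_fw_log() {
    awk '
    /FW_INPUT / {
        src = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != "") hits[src " " dpt]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -rn
}

# top_talker returns only the source/port pair with the most hits.
top_talker() {
    summarize_fw_log | head -n 1
}

# Constructed sample log (RFC 5737 documentation addresses) in the layout
# the kernel writes for an iptables LOG target; one unrelated kernel
# message is mixed in to show that it is skipped.
SAMPLE_LOG='Sep 13 20:37:01 box kernel: FW_INPUT IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=22 SYN
Sep 13 20:37:02 box kernel: FW_INPUT IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51235 DPT=22 SYN
Sep 13 20:37:03 box kernel: eth0: link up
Sep 13 20:37:04 box kernel: FW_INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=48 PROTO=TCP SPT=40001 DPT=23 SYN
Sep 13 20:37:05 box kernel: FW_INPUT IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51236 DPT=22 SYN
Sep 13 20:37:06 box kernel: FW_INPUT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=48 PROTO=TCP SPT=40002 DPT=23 SYN
Sep 13 20:37:07 box kernel: FW_INPUT IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=60 PROTO=ICMP TYPE=8 CODE=0'

printf '%s\n' "$SAMPLE_LOG" | summarize_fw_log
```

On a real box feed it the kernel log, for example `grep 'FW_INPUT ' /var/log/messages | summarize_fw_log` (the log path is an assumption; it depends on the syslog daemon). Two caveats worth knowing before relying on the rule as posted: an unconditional `-j LOG` on INPUT logs every packet that reaches it, so put it after the ACCEPT rules and pair it with `-m limit` so a scan cannot fill the disk; and LOG is a non-terminating target, so the packet still falls through to whatever follows (a DROP rule or the chain policy).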
Deranger Veteran
Joined: 26 Aug 2004 Posts: 1215
Posted: Mon Sep 13, 2004 9:00 pm
hanj wrote:
    Why are you allowing web? Do you have a web server too?
No, I'm not running a web server, and I just realized that I don't need to allow incoming traffic to ports 80 and 443.