Firewall and iptables rules for established connections

  • Hi all,


    I want to cut down incoming connections, but I want to accept responses from outside when a connection is established by the server (for DNS and updating). I found this link [1] to a howto in this forum that proposes the following iptables command:

    Code
    sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT


    I added one line to OMV by GUI with extra options: -m conntrack --ctstate ESTABLISHED,RELATED


    Is that iptables command what I am looking for, or could it be a security risk?


    Best regards


    [1] https://help.ubuntu.com/community/IptablesHowTo

  • What services do you want to be able to connect to via a remote connection? That would be a good start. I have only used conntrack when I have a service that begins on a certain port and bounces to a higher port. I'm not sure this is what you need. Be more specific on what you are trying to achieve.

  • the OMV should:


    - be accessible only via SSH, HTTP and CIFS.
    - be part of two networks (2 NICs)
    - be accessible from all addresses on eth0
    - be accessible only from 5-8 specific address ranges on eth1


    - allow OMV to use any host on the internet (i.e. ftp.de.debian.org). This means it should also allow responses from them.
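
The ESTABLISHED,RELATED rule by itself opens no inbound port: it only admits packets that belong to a connection conntrack has already seen, so what matters is the default policy and the NEW rules beside it. The script below is an added illustration for this thread, not the forum's or OMV's own configuration; it emits a default-deny INPUT rule set for the two-NIC setup described above, with the eth1 ranges as placeholders to be replaced with the real ones, and prints the commands rather than running them so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Constructed example: eth0 is the open LAN, eth1 the restricted network.
# Placeholder ranges (documentation prefixes); replace with the real 5-8.
ETH1_ALLOWED="192.0.2.0/24 198.51.100.0/24"
SERVICE_PORTS="22 80 445"   # SSH, HTTP, CIFS (SMB over TCP)

# Print the iptables commands instead of executing them, so the rule set
# can be inspected (or piped to sh as root) before it touches the firewall.
build_input_rules() {
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections the server opened itself (DNS lookups, apt
    # mirrors such as ftp.de.debian.org) are matched by connection state,
    # so no inbound port has to be opened for them.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Packets conntrack cannot associate with any connection are dropped.
    echo "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP"
    # eth0: any source may open new connections to the three services.
    for p in $SERVICE_PORTS; do
        echo "iptables -A INPUT -i eth0 -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # eth1: only the listed ranges may open new connections to them;
    # everything else on eth1 falls through to the DROP policy.
    for net in $ETH1_ALLOWED; do
        for p in $SERVICE_PORTS; do
            echo "iptables -A INPUT -i eth1 -s $net -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
}

# Sanity check: how many accept rules a given interface receives.
count_rules_for() {
    build_input_rules | grep -c -- "-i $1 "
}

build_input_rules
```

Outbound traffic is left at the OUTPUT chain's default ACCEPT policy, which is what lets the server reach DNS and the Debian mirrors in the first place.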
