Hi - Have just been asked to look after several linux webservers. One has firewall rules:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,SYN/FIN,SYN
DROP       tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN,RST
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,RST/FIN,RST
DROP       tcp  --  anywhere             anywhere             tcp flags:FIN,ACK/FIN
DROP       tcp  --  anywhere             anywhere             tcp flags:PSH,ACK/PSH
DROP       tcp  --  anywhere             anywhere             tcp flags:ACK,URG/URG

Then follow a whole bunch of rules which I can follow, but what bothers me is the first ACCEPT all - surely this just opens the firewall to anything, and the packets never get to the rules below, or am I missing something fundamental?
The other server has a default INPUT of ACCEPT:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
acctboth   all  --  anywhere             anywhere
DROP       all  --  192.192.116.95       anywhere

and a few other drops from specific IPs.

Chain acctboth (2 references)
target     prot opt source               destination
           tcp  --  a.somewhere.com      anywhere             tcp dpt:http
           tcp  --  anywhere             a.somewhere.com      tcp spt:http
           tcp  --  a.somewhere.com      anywhere             tcp dpt:smtp
           tcp  --  anywhere             a.somewhere.com      tcp spt:smtp
           tcp  --  a.somewhere.com      anywhere             tcp dpt:pop3
           tcp  --  anywhere             a.somewhere.com      tcp spt:pop3
           icmp --  a.somewhere.com      anywhere
           icmp --  anywhere             a.somewhere.com
           tcp  --  a.somewhere.com      anywhere
           tcp  --  anywhere             a.somewhere.com
           udp  --  a.somewhere.com      anywhere
           udp  --  anywhere             a.somewhere.com
           all  --  a.somewhere.com      anywhere
           all  --  anywhere             a.somewhere.com

This then repeats for other domains.

Again, I don't see this as excluding anything. Please comment on the two sets of rules.

Regards,
hennyw
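Added example (not part of hennyw's post and not netfilter's own code): a small Python model of how the kernel walks an iptables filter chain, fed the two listings above rewritten in `iptables -S` syntax. It shows that the first terminating match in INPUT wins, that a jump into a user-defined chain such as acctboth comes back to INPUT when nothing in it gives a verdict, that rules with no target (every acctboth entry) only bump counters, and that the chain policy applies only when a packet reaches the end of a built-in chain. Assumptions, all constructed here and not taken from the page: the `-i lo` variant of the first rule, 203.0.113.10 standing in for a.somewhere.com, a final `--dport 80` ACCEPT standing in for the rules that follow in the real listing, and the sample packets.

```python
"""Added example (not from the post): toy model of netfilter filter-chain traversal, fed `iptables -S` rules."""
import ipaddress
import shlex
from collections import namedtuple

TCP_FLAGS = frozenset({"FIN", "SYN", "RST", "PSH", "ACK", "URG"})
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
Packet = namedtuple("Packet", "iface src dst proto sport dport flags", defaults=("tcp", 0, 0, frozenset()))


def _flags(spec):
    """One --tcp-flags operand: NONE, ALL or a comma-separated list of flags."""
    return frozenset() if spec == "NONE" else TCP_FLAGS if spec == "ALL" else frozenset(spec.split(","))


class Rule:
    def __init__(self, chain):
        self.chain, self.target = chain, None               # target None = accounting-only rule
        self.iface = self.proto = self.src = self.dst = None
        self.sport = self.dport = self.tcp_flags = None     # tcp_flags = (mask, comp)

    def matches(self, p):
        if self.tcp_flags and (p.proto != "tcp" or (p.flags & self.tcp_flags[0]) != self.tcp_flags[1]):
            return False
        exact = ((self.iface, p.iface), (self.proto, p.proto), (self.sport, p.sport), (self.dport, p.dport))
        nets = ((self.src, p.src), (self.dst, p.dst))
        return (all(want is None or want == got for want, got in exact)
                and all(net is None or ipaddress.ip_address(addr) in net for net, addr in nets))


def parse_ruleset(text):
    """Parse -P / -N / -A lines (iptables -S output) into (policy dict, chain name -> [Rule])."""
    policy, chains = {}, {}
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        if tok[0] in ("-P", "-N"):
            chains.setdefault(tok[1], [])
            if tok[0] == "-P":
                policy[tok[1]] = tok[2]
            continue
        r, i = Rule(tok[1]), 2
        while i < len(tok):
            opt, arg = tok[i], tok[i + 1] if i + 1 < len(tok) else None
            if opt == "-i":
                r.iface = arg
            elif opt in ("-s", "-d"):
                setattr(r, {"-s": "src", "-d": "dst"}[opt], ipaddress.ip_network(arg, strict=False))
            elif opt == "-p":
                r.proto = arg
            elif opt in ("--sport", "--dport"):
                setattr(r, opt[2:], int(arg))
            elif opt == "--tcp-flags":                      # two operands: mask comp
                r.tcp_flags, i = (_flags(arg), _flags(tok[i + 2])), i + 1
            elif opt == "-j":
                r.target = arg
            elif opt != "-m":                               # -m just loads a match module
                raise ValueError(f"unsupported option {opt!r}: {line}")
            i += 2
        chains.setdefault(r.chain, []).append(r)
    return policy, chains


def evaluate(policy, chains, pkt, chain="INPUT", trace=None):
    """Walk `chain` for `pkt`.  Returns the verdict, or None when a user-defined
    chain runs off its end (control returns to the caller).  `trace`, if given,
    collects (chain, rule index, target) for every rule that matched."""
    for idx, rule in enumerate(chains.get(chain, [])):
        if not rule.matches(pkt):
            continue
        if trace is not None:
            trace.append((chain, idx, rule.target))
        if rule.target is None:
            continue                                        # counters only; keep walking
        if rule.target in TERMINAL:
            return rule.target                              # first terminating match wins
        if rule.target == "RETURN":
            break
        sub = evaluate(policy, chains, pkt, rule.target, trace)  # jump into a user chain
        if sub is not None:
            return sub
    return policy.get(chain)                # built-in chain: its policy; user chain: None


# Constructed from the post's first listing (two of its seven flag rules).  The {lo} slot
# (empty, or "-i lo", which `iptables -L` without -v never prints) and the final port-80
# ACCEPT are assumptions for the demo, not rules from the page.
SERVER1 = """
-P INPUT DROP
-A INPUT {lo} -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
"""
# Constructed from the second listing; 203.0.113.10 stands in for a.somewhere.com.
SERVER2 = """
-P INPUT ACCEPT
-N acctboth
-A INPUT -j acctboth
-A INPUT -s 192.192.116.95 -j DROP
-A acctboth -s 203.0.113.10 -p tcp -m tcp --dport 80
-A acctboth -s 203.0.113.10
-A acctboth -d 203.0.113.10
"""
```

The reason for the `{lo}` slot: `iptables -L` without `-v` does not print the in/out interface of a rule, so a line shown as `ACCEPT all -- anywhere anywhere` may really be `-A INPUT -i lo -j ACCEPT`; `iptables -S INPUT` or `iptables -L INPUT -v -n` prints the whole rule. Fed `SERVER1.format(lo="")`, the model accepts every packet at rule 1 and the flag rules are dead; fed `SERVER1.format(lo="-i lo")`, a NULL-scan packet (no TCP flags) arriving on eth0 gets past rule 1 and is dropped by the flags rule, while a SYN to a port with no ACCEPT falls through to the DROP policy. Fed `SERVER2`, a packet from 203.0.113.10 matches two acctboth entries in the trace and is still accepted by the INPUT policy, which is what accounting-only rules do.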