How to open specific ports for a specific IP address?

Hi,

I am a little bit confused about how I can open ports for my web servers.

I have 2 web servers and I want to open some ports (80 and 443) to the public and close the rest of the ports.

I am trying a filter rule like:


/ip firewall filter add chain=forward action=drop protocol=tcp src-address=0.0.0.0/0 \
    dst-address=<my web server IP> dst-port=!80,443

So, am I doing this correctly?

And what is the advantage of enabling TCP SYN cookies in connection tracking?

That should work. It’s unnecessary to specify the src-address, though. If you have more than one rule, it’s generally easier to rewrite that with accepts for the specific ports for servers, and a final drop without any conditions. If the rule isn’t working for you, that’s most likely due to the rest of the ruleset. You might also need port forwarding NAT rules if you’re NAT’ing in general.

SYN cookies: http://cr.yp.to/syncookies.html

Thank you for your cooperation.

But if I have more than 10 ports to open for 6 web servers, then I have many accept rules, whereas if I exempt ports using drop rules, then I have just 6 rules.

My filter rules are working perfectly without any problem.

But, like an address list, can we make a port list and accept the connections?
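The following is an added worked example, not posted by anyone in this thread, of the ruleset layout the reply recommends (accept the wanted ports to the servers, then a final drop) and of how it stays short when there are many servers and ports: the servers go into a RouterOS address list, and `dst-port` itself takes a comma-separated list and ranges, so one accept rule can cover many ports on every server in the list. All addresses, the interface name `ether1` and the list name `webservers` are assumptions; replace them with your own.

```routeros
# Added example (not from the thread). Addresses are documentation-range
# placeholders, "ether1" is assumed to be the WAN interface.

# Put every web server in one address list so a single rule matches all of them.
/ip firewall address-list
add list=webservers address=192.0.2.10 comment="web1 (example address)"
add list=webservers address=192.0.2.11 comment="web2 (example address)"

/ip firewall filter
# Let replies to already-accepted connections through, drop invalid packets.
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
# One accept rule per port set, not per server: dst-port accepts lists and ranges.
add chain=forward protocol=tcp dst-address-list=webservers dst-port=80,443 action=accept comment="public web ports"
add chain=forward protocol=tcp dst-address-list=webservers dst-port=8080-8090 action=accept comment="extra app ports (example)"
# Final drop for everything else arriving from the WAN (TCP, UDP and ICMP alike).
# It is scoped to in-interface so connections that the LAN opens outward keep working;
# with no LAN behind the router the in-interface condition can be removed.
add chain=forward in-interface=ether1 connection-state=new action=drop comment="drop all other new inbound traffic"

# Only needed if the servers sit behind NAT (as the reply notes). Public address is assumed.
# dst-nat runs before the forward chain, so the filter rules above match the
# translated (internal) server address, which is what the address list holds.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=tcp dst-address=203.0.113.5 dst-port=80,443 action=dst-nat to-addresses=192.0.2.10

# The second question in the thread: SYN cookies in connection tracking.
/ip firewall connection tracking
set tcp-syncookie=yes
```

A quick check after loading this: `/ip firewall filter print stats` shows the packet counters per rule, so a connection to an opened port should increment the matching accept rule and a connection to any other port should increment the final drop rule. The order matters; the unconditional accept for established/related connections must stay above the drop, and the drop must stay last.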