Hi.... I need some help here. I have a hard time making the IMAP service work on one (multiple) machine. Here is the problem: if I put my IPTables script up, the IMAP service still works, but it's slow as hell. I did check the log for some feedback, but it didn't get me anywhere. If the script is down, everything is perfect.
The mail server (IMAP server) and the Linux box both have the same kind of script... pretty much the same, with the IMAP port open on the mail server of course :-) So, if anyone ever got into that kind of problem or knows any tips...... Here's the script I use:

#!/bin/sh
IPTABLES="/sbin/iptables"

#Time to clean house
#Clear out any existing firewall rules, and any chains that might have
#been created
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X

#Setup our policies
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP

#Our actual rules
$IPTABLES -N firewall
$IPTABLES -A firewall -m limit --limit 15/minute -j LOG --log-prefix "Firewall:"
$IPTABLES -A firewall -j DROP

#Now, our dropwall chain, for the final catchall filter
$IPTABLES -N dropwall
$IPTABLES -A dropwall -m limit --limit 15/minute -j LOG --log-prefix "Dropwall:"
$IPTABLES -A dropwall -j DROP

#Our "hey, them's some bad tcp flags!" chain
$IPTABLES -N badflags
$IPTABLES -A badflags -m limit --limit 15/minute -j LOG --log-prefix "Badflags:"
$IPTABLES -A badflags -j DROP

#And our silent logging chain
$IPTABLES -N silent
$IPTABLES -A silent -j DROP

#Accept ourselves (loopback interface), 'cause we're all warm and friendly
$IPTABLES -A INPUT -i lo -j ACCEPT

#Drop those nasty packets!
#These are all TCP flag combinations that should never, ever occur in the
#wild. All of these are illegal combinations that are used to attack a box
#in various ways, so we just drop them and log them here.
$IPTABLES -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j badflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j badflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j badflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j badflags
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j badflags
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j badflags

#Drop icmp, but only after letting certain types through
$IPTABLES -A INPUT -p icmp --icmp-type 0 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 11 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
$IPTABLES -A INPUT -p icmp -j firewall

#Accept SSH connections from everywhere.
$IPTABLES -A INPUT -i eth0 -d 0/0 -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -d 0/0 -p tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -d 0/0 -p tcp --dport 143 -j ACCEPT

#Lets do some basic state-matching
#This allows us to accept related and established connections, so
#client-side things like ftp work properly, for example.
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#Drop port 137 netbios packets silently. We don't like
#that netbios stuff, and it's way too spammy with windows machines on
#the network.
# $IPTABLES -A INPUT -p udp --sport 137 --dport 137 -j silent

#Our final trap. Everything on INPUT goes to the dropwall so we don't get silent drops
$IPTABLES -A INPUT -j dropwall
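Added example, not the poster's script: a reworked INPUT rule set for the IMAP host that prints its rules as a dry run and only loads them when invoked with `apply`. It assumes the external interface is eth0 and makes two changes that are common causes of slow logins behind a DROP policy, not a diagnosis of this poster's box: the stateful ACCEPT comes first so packets of existing sessions skip the flag-check and port rules, and ident (TCP 113) is REJECTed with a TCP reset instead of dropped, so a peer's ident lookup fails immediately instead of waiting for a timeout.

```shell
#!/bin/sh
# Added example (not the poster's script). Assumptions: eth0 is the
# external interface; the ident timeout and rule ordering are assumed
# causes of slowness, not confirmed for the poster's machines.
# Usage: sh this.sh        -> print the rules (dry run)
#        sh this.sh apply  -> load them with /sbin/iptables as root
IPTABLES="${IPTABLES:-/sbin/iptables}"
IFACE="${IFACE:-eth0}"   # constructed default: external interface

# Print one iptables command per line, prefixed with the binary path.
imap_rules() {
    ipt="$1"
    cat <<EOF
$ipt -F INPUT
$ipt -P INPUT DROP
$ipt -A INPUT -i lo -j ACCEPT
$ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ipt -A INPUT -m state --state INVALID -j DROP
$ipt -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
$ipt -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$ipt -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$ipt -A INPUT -i $IFACE -p tcp --dport 113 -j REJECT --reject-with tcp-reset
$ipt -A INPUT -i $IFACE -p tcp --dport 22 -m state --state NEW -j ACCEPT
$ipt -A INPUT -i $IFACE -p tcp --dport 143 -m state --state NEW -j ACCEPT
$ipt -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
$ipt -A INPUT -m limit --limit 15/minute -j LOG --log-prefix "Dropwall: "
$ipt -A INPUT -j DROP
EOF
}

# Load the rules into the kernel; stops at the first failing command.
apply_rules() {
    imap_rules "$IPTABLES" | sh -e
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     imap_rules "$IPTABLES" ;;   # dry run: just show the rules
esac
```

Compare the printed output against the poster's script: the ident REJECT and the early RELATED,ESTABLISHED rule are the only functional differences that affect login latency.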
