Recommended iptables rule set for IceWarp Server
Posted by Lukas N., Last modified by Lukas N. on 18 August 2015 10:36 AM

Here is recommended firewall rule set for IceWarp Server on Linux.

Download rule set from here and save it to /root directory as "icewarp.rules" file.

  • Backup your current iptables settings:
    # iptables-save > /root/default.rules

  • Optionally you can flush all chains: 
    !! Please notice that these commands will delete all your user-defined chains and rules !!
    # iptables -F
    # iptables -X

  • Apply new iptables settings:
    # iptables-restore < /root/icewarp.rules

For SSH and MySQL is recommended define source IPs. In this case (SSH service) delete line:
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT

Uncomment following line and add your source IP address and network mask:
e.g. -A INPUT -s <IP/mask> -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
- Do the similar for MySQL

 

In section "OPTIONAL SERVICES" you can enable non-default ports by uncommenting line.
e.g. #-A INPUT -p tcp -m tcp --dport 389 -m state --state NEW -j ACCEPT

In section "LOGGING SERVICE" you can enable iptables denied calls log (by uncommenting line). Access log via "dmesg" command and search for "iptables denied" lines.

Please notice that after every change in icewarp.rules file, following command has to be executed:
# iptables-restore < /root/icewarp.rules


In case of needed you can still use your old iptables settings by command:
# iptables-restore < /root/default.rules

(1 vote(s))
Helpful
Not helpful

Comments (0)