Howdy everybody :)
I run ejabberd on a dedicated box running debian 6 and i now want to configure iptables properly. The server only serve the ejabberd server and the ssh (it's only for this, no apache,mysql,etc etc and i use the ejabberd_http)
I think these could be the right rules for iptables:
# Generated by iptables-save v1.4.10 on Tue Oct 18 16:48:55 2011
*filter
:INPUT DROP [12:1370]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [19:1946]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 5222 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 5269 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 5280 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
COMMIT
# Completed on Tue Oct 18 16:48:55 2011I will also use as required the tls/ssl in both jabber communications and the http_fileserver (on port 5280 for ssl too of course), so is the above configuration right for my needs?
Will i prevent all bad connections with the above configuration and run an ejabberd server without problems?
Thanks a lot in advance to everybody :)
