I have created my iptables rules on Ubuntu 12.04 and activated fail2ban. Can someone please just let me know if my iptables rules are secure, or if I am missing anything / need to change anything? I have replaced the actual port number for SSH with [port number]. This is the output of `iptables -L`:
```text
Chain INPUT (policy ACCEPT)
target        prot opt source      destination
fail2ban-ssh  tcp  --  anywhere    anywhere     multiport dports [port number]
ACCEPT        all  --  anywhere    anywhere
REJECT        all  --  anywhere    loopback/8   reject-with icmp-port-unreachable
ACCEPT        all  --  anywhere    anywhere     state RELATED,ESTABLISHED
ACCEPT        tcp  --  anywhere    anywhere     tcp dpt:http
ACCEPT        tcp  --  anywhere    anywhere     tcp dpt:https
ACCEPT        tcp  --  anywhere    anywhere     state NEW tcp dpt:[port number]
ACCEPT        icmp --  anywhere    anywhere     icmp echo-request
LOG           all  --  anywhere    anywhere     limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
REJECT        all  --  anywhere    anywhere     reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target        prot opt source      destination
REJECT        all  --  anywhere    anywhere     reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target        prot opt source      destination
ACCEPT        all  --  anywhere    anywhere

Chain fail2ban-ssh (1 references)
target        prot opt source      destination
RETURN        all  --  anywhere    anywhere
```
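As an added example (not part of the original question or its answer), the script below rebuilds the listing above as explicit `iptables` commands and then audits a rule dump for the things a reviewer would check: that every INPUT ACCEPT is restricted by interface, port, state or ICMP type, that a loopback ACCEPT exists, and that the chain ends in REJECT/DROP or has a DROP policy. One caveat the listing cannot settle: `iptables -L` without `-v` hides interface matches, so the bare `ACCEPT all anywhere anywhere` rule is presumably `-i lo` and the loopback REJECT presumably `! -i lo -d 127.0.0.0/8`. Both are assumptions here, as are the SSH port 2222 and the function names `apply_rules` and `audit_input`. Confirm the real rules with `sudo iptables -L -v -n` or `sudo iptables-save`.

```shell
#!/bin/sh
# Added example: reconstruct the poster's rule set and audit a rule dump.
# Assumptions (not confirmed by the listing): the "ACCEPT all" rule is "-i lo",
# the loopback REJECT is "! -i lo -d 127.0.0.0/8", SSH listens on SSH_PORT.

SSH_PORT="${SSH_PORT:-2222}"        # stands in for [port number]; assumption
IPT="${IPT:-echo iptables}"         # dry run by default; IPT=iptables (as root) applies

# Emit (or apply, when IPT=iptables) the INPUT/FORWARD/OUTPUT rules from the
# listing. fail2ban creates the fail2ban-ssh chain and its jump rule itself, so
# they are deliberately not recreated here. Run once, on a flushed ruleset.
apply_rules() {
    ssh_port=$1
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 443 -j ACCEPT
    $IPT -A INPUT -p tcp -m state --state NEW --dport "$ssh_port" -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 5 -j LOG --log-prefix "iptables denied: " --log-level 7
    $IPT -A INPUT -j REJECT --reject-with icmp-port-unreachable
    $IPT -A FORWARD -j REJECT --reject-with icmp-port-unreachable
    $IPT -A OUTPUT -j ACCEPT
}

# Audit a ruleset given as one string: either iptables-save output
# (audit_input "$(iptables-save)") or the dry-run output of apply_rules.
# Prints one WARN line per finding and returns 1 if there were any.
audit_input() {
    printf '%s\n' "$1" | awk '
        { sub(/^iptables /, "") }                 # accept dry-run lines too
        /^:INPUT DROP/ { policy_drop = 1 }        # iptables-save policy line
        /^-A INPUT / {
            n++; last = $0
            if ($0 ~ /-i lo -j ACCEPT/) has_lo = 1
            if ($0 ~ /-j ACCEPT/ && $0 !~ /-i lo/ && $0 !~ /--dport|--state|--icmp-type/) {
                printf "WARN: INPUT rule %d: ACCEPT without interface, port, state or ICMP match\n", n
                bad = 1
            }
        }
        END {
            if (!has_lo) { print "WARN: no \"-i lo -j ACCEPT\" rule; local services would break"; bad = 1 }
            if (!policy_drop && last !~ /-j (REJECT|DROP)/) {
                print "WARN: INPUT ends with neither a REJECT/DROP rule nor a DROP policy"; bad = 1
            }
            exit bad + 0
        }'
}

# Constructed weak dump (not from the post) to show what the audit flags:
# an unconditional ACCEPT, no loopback rule, no terminating REJECT/DROP.
WEAK_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

main() {
    echo "# rules for SSH port $SSH_PORT (dry run unless IPT=iptables):"
    apply_rules "$SSH_PORT"
    echo "# audit of those rules:"
    audit_input "$(IPT="echo iptables"; apply_rules "$SSH_PORT")" && echo "OK: no findings"
    echo "# audit of the constructed weak dump:"
    audit_input "$WEAK_DUMP" || echo "FAIL: fix the findings above"
}
main
```

Run as-is, the script only echoes the commands and audits them; `SSH_PORT=<port> IPT=iptables sh audit.sh` as root applies them. On the live box, `audit_input "$(sudo iptables-save)"` checks what is actually loaded, which is the form that catches an ACCEPT rule that turned out not to be bound to `lo`.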
Looks fine to me. But I don't know what services you're running, so you could check what ports are open and see if you need to close/whitelist any:

```text
sudo netstat -plutn
```

Ports on 127.0.0.1 are fine, since they can only be accessed from the droplet itself.