Iptables: Firewall Configuration
23 Jan 2012 by TuxAdmin
It is a good idea to limit the number of simultaneous connections a single IP address may hold open to your server. Modern browsers open several connections in parallel to speed up page loading, so the limit should be reasonably high, but not so high that one host can tie up your server with thousands of open connections. Note that the limit is counted per source address (the default --connlimit-mask is 32, i.e. a single IPv4 host), so many users behind one NAT gateway share the same budget; raise the limit or widen the mask if that is your audience.
You can prevent such attacks by adding a rule to Iptables:-
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
The problem with doing only the above is that Iptables rules live in kernel memory and are lost when the server reboots. To make the rules permanent, first save the currently effective ruleset to a file.
iptables-save > /etc/iptables.up.rules
Then create a new file that gets called whenever a network interface is enabled.
nano /etc/network/if-pre-up.d/iptables
Add the following lines to the new file we just created. It is simply a bash script that reloads the saved rules.
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules
To ensure that the script can be executed, make it executable with chmod +x.
chmod +x /etc/network/if-pre-up.d/iptables
That's it!
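The whole procedure above, as an added example that is not part of the original post: a script that adds the connlimit rule only if it is not already loaded (so it is safe to re-run), saves the ruleset, and installs the if-pre-up.d hook. The rules file and hook directory default to the paths used in the post but are parameters, and the --apply flag, the function names and the use of iptables -C to test for an existing rule are this example's own choices.

```shell
#!/bin/bash
# Added example, not from the original post: idempotent version of the
# connlimit + persistence procedure. Run as root with --apply to make changes;
# without the flag the script only defines the functions.
set -eu

# Defaults match the post; override via the environment if needed.
RULES_FILE="${RULES_FILE:-/etc/iptables.up.rules}"
HOOK_DIR="${HOOK_DIR:-/etc/network/if-pre-up.d}"

# Build the rule specification (everything after -A/-C) for a port and limit.
connlimit_rule_args() {
  local port="$1" limit="$2"
  printf '%s' "INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above $limit -j REJECT --reject-with tcp-reset"
}

# Append the rule only if an identical rule is not already present.
# iptables -C exits 0 when the rule exists, non-zero otherwise.
ensure_connlimit_rule() {
  local port="$1" limit="$2"
  # shellcheck disable=SC2046  (word splitting of the rule args is intended)
  if iptables -C $(connlimit_rule_args "$port" "$limit") 2>/dev/null; then
    echo "connlimit rule for port $port already present"
  else
    iptables -A $(connlimit_rule_args "$port" "$limit")
  fi
}

# Save the currently loaded ruleset to the given file.
save_rules() {
  iptables-save > "$1"
}

# Write the interface hook that reloads the saved rules and make it executable.
# Prints the path of the hook it wrote.
write_restore_hook() {
  local dir="$1" rules="$2"
  local hook="$dir/iptables"
  mkdir -p "$dir"
  cat > "$hook" <<EOF
#!/bin/bash
# Reload the saved firewall rules before the interface comes up.
/sbin/iptables-restore < $rules
EOF
  chmod +x "$hook"
  printf '%s\n' "$hook"
}

main() {
  ensure_connlimit_rule 80 20
  save_rules "$RULES_FILE"
  write_restore_hook "$HOOK_DIR" "$RULES_FILE"
}

if [ "${1:-}" = "--apply" ]; then
  main
fi
```

Two caveats when using this: iptables-restore replaces the entire ruleset from the file, so anything you add by hand later must be saved again with iptables-save; and IPv6 traffic is not covered at all, since ip6tables keeps its own tables and needs its own save/restore pair.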
Some other useful Iptables commands:-
# Flush or remove all Iptables rules
iptables -F
# List out current rules
iptables -L
Email Configuration: Setting Up Reverse DNS and SPF Records
This tutorial presents a simple two-step configuration to ensure that emails sent from your server do not end up being flagged as spam.
1. Set RDNS
Some mail servers check whether the IP address an email comes from matches the hostname of the server it is sent ...
Wordpress Permalinks With Nginx
To get permalinks or pretty URLs / links working with Nginx, simply add the following to your "/" location block.
location / {
    try_files $uri $uri/ /index.php;
}
For Tuxlite users using the domain.sh script, the above would have been generated automatically for you. Simply un-comment the try_files line in
/etc/nginx ...