iptables

Iptables rules for local ntp server

Iptables rules for local ntp server, prohibiting synchronization with other time servers.

How to allow downloads from ftp servers to localhost

First step
We need to load the nf_conntrack_ftp module:
# modprobe nf_conntrack_ftp
Don't forget to add the module name to /etc/modules so that it is loaded again at boot:
# echo nf_conntrack_ftp >> /etc/modules

Second step
Add the rules to iptables:
iptables -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT  -p tcp -m tcp --sport 21 -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
iptables -A OUTPUT -p tcp -m tcp --dport 1024:65535 -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
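
The two steps above as one passive-mode rule set in iptables-restore format. This is an added example, not code from the original post; the function names are hypothetical. It assumes additions the post does not have: an explicit CT helper rule for kernels where automatic helper assignment is off, a state match on the port 21 rule, and a rule for inbound replies on the data channel.

```shell
#!/bin/sh
# Added example: FTP client rules (passive mode) in iptables-restore format.
# Nothing is applied here; the function only prints the rule set.
# Assumes nf_conntrack_ftp is already loaded (first step above).

ftp_client_rules() {
    cat <<'EOF'
*raw
# Attach the FTP helper to outgoing control connections explicitly.
# Needed when net.netfilter.nf_conntrack_helper is 0.
-A OUTPUT -p tcp --dport 21 -j CT --helper ftp
COMMIT
*filter
# Control channel: new connections go out, only tracked replies come in.
-A OUTPUT -p tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --sport 21 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Passive data channel: the helper marks the outgoing connection RELATED.
-A OUTPUT -p tcp --sport 1024:65535 --dport 1024:65535 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Replies on the data channel come from a high port, not from port 21.
-A INPUT -p tcp --sport 1024:65535 --dport 1024:65535 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Audit helper: reads rules on stdin and prints how many accept traffic
# without any conntrack state match.
stateless_accepts() {
    grep -- '-j ACCEPT' | grep -vc -- '--ctstate' || true
}

# Usage (as root), appending to the existing rules:
#   ftp_client_rules | iptables-restore --noflush
```
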