This topic is to discuss the following lesson:
One thing though, I have a feeling some ACCEPT rules should probably be before DROP.
-A INPUT -i lo -j ACCEPT should sit before filtering Spoofed Packets… I think.
Maybe I’m just messing with my own head right now
I agree with Pavel, you need to have the lo interface accept before blocking packets that have localhost addresses!
Also this doesn’t seem right:
-A INPUT -p tcp -m state --state NEW -m limit --limit 50/second --limit-burst 50 -j ACCEPT
This will immediately accept all SYN packets as long as they don’t breach the rate limit, therefore all of the later checks will be bypassed by such packets.
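Both ordering problems raised so far (the lo ACCEPT sitting after the spoofed-packet filter, and the rate-limited ACCEPT for NEW TCP short-circuiting every later rule) come down to iptables being first-match. The following is an added example, not the lesson's script and not code anyone in this thread posted: a small Python simulation of an INPUT chain with the quoted rules, run once in the criticised order and once in a corrected order. It does not invoke iptables; `-m limit` is approximated as "the first N matching packets", and the corrected shape of the rate limit (a user chain that only DROPs the excess) is an assumption, not what the lesson was changed to.

```python
# Minimal first-match simulation of an iptables INPUT chain, constructed for
# this example. It does not call iptables; matching and "-m limit" are
# approximated with predicates and a per-rule counter.
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class Packet:
    iface: str          # incoming interface, e.g. "lo" or "eth0"
    src: str            # source IPv4 address
    proto: str          # "tcp", "udp", "icmp"
    dport: int = 0      # destination port (0 when not applicable)
    state: str = "NEW"  # conntrack state: NEW / ESTABLISHED / RELATED / INVALID


@dataclass
class Rule:
    text: str                       # the iptables line this rule stands for
    match: Callable[[Packet], bool]
    target: str                     # "ACCEPT" or "DROP"
    limit: Optional[int] = None     # emulate -m limit as "first N matching packets"
    over_limit: bool = False        # True: fire only once the limit is exceeded
    seen: int = 0

    def matches(self, p: Packet) -> bool:
        if not self.match(p):
            return False
        if self.limit is None:
            return True
        self.seen += 1
        within = self.seen <= self.limit
        return (not within) if self.over_limit else within


def evaluate(chain: List[Rule], p: Packet, policy: str = "DROP") -> Tuple[str, str]:
    """Walk the chain top to bottom; the first rule that matches decides."""
    for rule in chain:
        if rule.matches(p):
            return rule.target, rule.text
    return policy, "chain policy"


# Factories return fresh rule objects so each chain's -m limit counter starts at zero.
def accept_lo() -> Rule:
    return Rule("-A INPUT -i lo -j ACCEPT", lambda p: p.iface == "lo", "ACCEPT")

def drop_spoofed_loopback() -> Rule:
    return Rule("-A INPUT -s 127.0.0.0/8 -j DROP", lambda p: p.src.startswith("127."), "DROP")

def ratelimit_accept_new(limit: int = 50) -> Rule:
    # The rule quoted in the thread: ACCEPTs every NEW TCP packet while under the limit.
    return Rule("-A INPUT -p tcp -m state --state NEW -m limit --limit 50/second --limit-burst 50 -j ACCEPT",
                lambda p: p.proto == "tcp" and p.state == "NEW", "ACCEPT", limit=limit)

def ratelimit_drop_excess(limit: int = 50) -> Rule:
    # Assumed correct shape (not what the thread posted): DROP only the NEW TCP packets
    # that exceed the limit; the rest fall through to the per-port rules. In iptables:
    #   -A INPUT -p tcp -m state --state NEW -j SYNLIMIT
    #   -A SYNLIMIT -m limit --limit 50/second --limit-burst 50 -j RETURN
    #   -A SYNLIMIT -j DROP
    return Rule("-A SYNLIMIT -j DROP (reached only when -m limit ... -j RETURN did not fire)",
                lambda p: p.proto == "tcp" and p.state == "NEW", "DROP", limit=limit, over_limit=True)

def accept_ssh() -> Rule:
    return Rule("-A INPUT -p tcp --dport 22 -j ACCEPT",
                lambda p: p.proto == "tcp" and p.dport == 22, "ACCEPT")


def lesson_order() -> List[Rule]:
    """Order as criticised in the thread: spoof filter before lo, limited ACCEPT before port checks."""
    return [drop_spoofed_loopback(), accept_lo(), ratelimit_accept_new(), accept_ssh()]

def corrected_order() -> List[Rule]:
    """lo accepted first; the limit only DROPs the excess; the port rules still decide."""
    return [accept_lo(), drop_spoofed_loopback(), ratelimit_drop_excess(), accept_ssh()]


# Constructed sample packets.
LOOPBACK = Packet(iface="lo", src="127.0.0.1", proto="tcp", dport=3306)      # local client to local service
SPOOFED = Packet(iface="eth0", src="127.0.0.1", proto="tcp", dport=22)       # loopback source from the wire
SSH_SYN = Packet(iface="eth0", src="203.0.113.5", proto="tcp", dport=22)
TELNET_SYN = Packet(iface="eth0", src="203.0.113.5", proto="tcp", dport=23)  # nothing should ACCEPT this


def verdicts(chain_factory: Callable[[], List[Rule]]) -> dict:
    """Verdict per sample packet through a fresh chain."""
    chain = chain_factory()
    return {name: evaluate(chain, pkt)[0]
            for name, pkt in [("loopback", LOOPBACK), ("spoofed", SPOOFED),
                              ("ssh", SSH_SYN), ("telnet", TELNET_SYN)]}

def flood_verdicts(chain_factory: Callable[[], List[Rule]], n: int = 60) -> List[str]:
    """Push n SSH SYNs through a fresh chain and return the verdict for each."""
    chain = chain_factory()
    return [evaluate(chain, SSH_SYN)[0] for _ in range(n)]


if __name__ == "__main__":
    print("lesson   :", verdicts(lesson_order))
    print("corrected:", verdicts(corrected_order))
    print("flood, lesson   :", flood_verdicts(lesson_order).count("DROP"), "dropped of 60")
    print("flood, corrected:", flood_verdicts(corrected_order).count("DROP"), "dropped of 60")
```

Two things fall out of running it. In the criticised order a genuine loopback packet is dropped by the spoof filter before the lo rule is reached, and a SYN to port 23 is accepted by the limit rule before any port rule sees it. Less obvious: in that order the limit does not limit anything either, because once the counter is exhausted the packet just falls through to the per-port ACCEPT, so a `-m limit ... -j ACCEPT` only rate-limits if something after it drops what it did not take.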
That does make sense, just changed it…thanks!
Thanks for sharing this, I just changed it. If you have other ideas, feel free to share.