Protect web and mail servers

In this post I will try to show you how to protect your server from unwanted guests from outside by setting up iptables rules on Debian.

iptables is a native Linux command line utility and the standard interface for controlling the netfilter firewall in the 2.4 and 2.6 kernels. With a competent iptables configuration a server can be considered relatively safe from external threats. In this article we'll look at an example iptables configuration for protecting a standard web server.
So, let's imagine a simple web server. Its working ports are TCP 20, 21, 22, 25, 80, 110, 143 and 443, plus UDP port 53.
Let's write an iptables configuration script and place it in /etc/init.d/iptables:

#!/bin/sh
# IPTables configuration script #
# Clear previous entries
iptables -F
# Set default policies: anything not explicitly accepted below is dropped
iptables -P INPUT DROP
# Allow everything on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Simple protection against DoS attacks: rate-limit bare RST packets
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
# Spoof protection: reject new/invalid packets that carry SYN and ACK together
iptables -I INPUT -m conntrack --ctstate NEW,INVALID -p tcp --tcp-flags SYN,ACK SYN,ACK -j REJECT --reject-with tcp-reset
# Drop attempts to open a new incoming TCP connection with a packet that is not a SYN
iptables -I INPUT -m conntrack --ctstate NEW -p tcp ! --syn -j DROP
# Drop fragmented ICMP packets
iptables -I INPUT -p icmp -f -j DROP
# Allow packets belonging to established or related connections
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable working ports
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# SSH server protection from brute-force: more than 3 new connections
# from one source within 30 seconds get dropped
iptables -A INPUT -p tcp --syn --dport 22 -m recent --name dmitro --set
iptables -A INPUT -p tcp --syn --dport 22 -m recent --name dmitro --update --seconds 30 --hitcount 3 -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# DNS replies (source port 53)
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow the essential ICMP types: destination unreachable (3),
# time exceeded (11) and parameter problem (12)
iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 12 -j ACCEPT

# View

To have the rules loaded automatically when the server restarts, run:
update-rc.d iptables defaults 99

Now the iptables rules will be applied at system startup.

Not so long ago a few spiders (from Germany and the Netherlands) started loading my server: in htop the server was loaded by almost 90%, while under a load of 150-200 users per day the load was 15-20. I decided to get rid of this shit on my server and to find out who was hammering me, so I

found them using

awk '{print $1}' /var/www/clients/client1/web1/log/access.log | sort | uniq -c

and saw that very many requests per night came from one IP.


I decided to block its access to my resource with an iptables rule (replace <spider-ip> with the offending address):

iptables -I INPUT -i eth0 -s <spider-ip> -j DROP

That's it. I restarted the rules and forgot about the annoying spider.
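As an added example (not part of the original post), here is the log-analysis step above turned into a small reusable script: it counts requests per client IP in a combined-format access log, lists the clients above a threshold, and prints the matching DROP rule for review instead of applying it. The sample log lines, the IPs (RFC 5737 documentation addresses), the threshold and the eth0 interface name are all constructed assumptions.

```shell
#!/bin/sh
# Added example: find noisy clients in an access log and propose iptables rules.

# Constructed sample log in the combined format; not real traffic.
SAMPLE_LOG="${TMPDIR:-/tmp}/access.sample.log"
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.7 - - [10/Oct/2023:02:00:01 +0000] "GET /page1 HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
203.0.113.7 - - [10/Oct/2023:02:00:02 +0000] "GET /page2 HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
198.51.100.4 - - [10/Oct/2023:02:00:03 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:02:00:03 +0000] "GET /page3 HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
192.0.2.10 - - [10/Oct/2023:02:00:04 +0000] "GET /about HTTP/1.1" 200 800 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:02:00:04 +0000] "GET /page4 HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
198.51.100.4 - - [10/Oct/2023:02:00:05 +0000] "GET /news HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:02:00:05 +0000] "GET /page5 HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
EOF

# Print "count ip" for every client, most active first. This is the pipeline
# from the post, with the output additionally sorted by request count.
requests_per_ip() {
    awk '{print $1}' "$1" | sort | uniq -c | sort -rn
}

# Print only the IPs whose request count exceeds the threshold given as $2.
noisy_clients() {
    requests_per_ip "$1" | awk -v limit="$2" '$1 > limit {print $2}'
}

# Emit (do not run) a DROP rule per noisy client so it can be reviewed first.
# -I puts the rule at the top of INPUT, ahead of the ACCEPT rules for port 80/443.
# The interface name eth0 is an assumption taken from the post.
suggest_drop_rules() {
    noisy_clients "$1" "$2" | while read -r ip; do
        echo "iptables -I INPUT -i eth0 -s $ip -j DROP"
    done
}

# Usage: show the per-IP counts, then the rules for clients with more than 3 requests.
requests_per_ip "$SAMPLE_LOG"
suggest_drop_rules "$SAMPLE_LOG" 3
```

Run it against a real log by pointing the functions at /var/www/clients/client1/web1/log/access.log instead of the sample file, and pick the threshold from the normal per-client request rate you see there; only the printed rule, once checked, needs to be executed as root.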