I am working with a stateless firewall to help keep up with DoS and a state flood. I have a few doubts about my setup:
a.) When allowing web traffic, is it necessary to allow port range 1000:65535? I saw that due to this rule sending packets to those ports directly responds with a REJECT instead of a DROP, which is preferred. Any workaround that still keeps a stateless setup?
b.) What is needed to safely have a default OUTPUT DROP? Apparently as soon as I change it to that I am unable to access it via SSH, even if I add a rule like this: /sbin/iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
#!/bin/bash
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
#ICMP IN
/sbin/iptables -A INPUT -p icmp -s 178.174.50.29/24 -j ACCEPT
#ICMP IN (TRACEROUTE)
/sbin/iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT
#ICMP OUT
/sbin/iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
#DNS RESOLVERS
/sbin/iptables -A INPUT -s 63.15.64.91 -j ACCEPT
/sbin/iptables -A INPUT -s 63.15.64.92 -j ACCEPT
#SSH
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#WEB
/sbin/iptables -A INPUT -p tcp --dport 1000:65535 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
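An added example, not the poster's script: a stateless ruleset that keeps both INPUT and OUTPUT at DROP, matches service replies on their source port (sshd answers from port 22, so OUTPUT needs --sport 22, not --dport 22), and admits traffic to the ephemeral range only when the SYN flag is not set alone, so a bare SYN to an unused high port is dropped rather than answered. The ephemeral range 1024:65535 and the dry-run default (IPT set to echo) are assumptions; the admin network and resolver addresses are taken from the question.

```shell
#!/bin/sh
# Added example (not the poster's script). With IPT left at its default the
# rules are only printed, so the set can be reviewed without root; set
# IPT=/sbin/iptables to apply it.
IPT="${IPT:-echo /sbin/iptables}"
ADMIN_NET="178.174.50.0/24"            # network form of the question's 178.174.50.29/24
DNS1="63.15.64.91"; DNS2="63.15.64.92" # resolvers from the question
EPHEMERAL="1024:65535"                 # assumed local ephemeral port range

stateless_rules() {
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Services this host listens on: request in, reply out. The reply leaves
    # with SOURCE port 22/80, so OUTPUT matches --sport. "! --syn" excludes
    # a lone SYN, so the host cannot open new connections from these ports.
    for port in 22 80; do
        $IPT -A INPUT  -p tcp --dport "$port" -j ACCEPT
        $IPT -A OUTPUT -p tcp --sport "$port" ! --syn -j ACCEPT
    done

    # Replies to connections this host initiates arrive at an ephemeral port.
    # "! --syn" admits only packets that already carry ACK (SYN-ACK, data,
    # FIN), so a bare SYN probing an unused high port falls through to DROP
    # instead of being answered with a RST.
    $IPT -A INPUT -p tcp --dport "$EPHEMERAL" ! --syn -j ACCEPT

    # Outbound DNS: query out to the two resolvers, answer back from them.
    for dns in "$DNS1" "$DNS2"; do
        $IPT -A OUTPUT -p udp -d "$dns" --dport 53 -j ACCEPT
        $IPT -A INPUT  -p udp -s "$dns" --sport 53 --dport "$EPHEMERAL" -j ACCEPT
    done

    # ICMP: echo from the admin network in, and its reply out; outbound echo
    # requests plus the time-exceeded / echo-reply answers traceroute needs.
    $IPT -A INPUT  -p icmp -s "$ADMIN_NET" --icmp-type 8 -j ACCEPT
    $IPT -A OUTPUT -p icmp -d "$ADMIN_NET" --icmp-type 0 -j ACCEPT
    $IPT -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
    $IPT -A INPUT  -p icmp --icmp-type 0 -j ACCEPT
    $IPT -A INPUT  -p icmp --icmp-type 11 -j ACCEPT
}

stateless_rules
```

Any other outbound connection the host itself must open needs the same pair: an OUTPUT rule for the destination port and an INPUT rule for the matching --sport into the ephemeral range with ! --syn.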