Exercise:
Protection of WEB and DNS servers using the context-free rules for packet filtering:
- Protect your WEB-server, so that would be for him can be accessed by browsers, and could go to dns.
- Protect your primary DNS-server so that it could be to contact clients and secondary servers.
- Allow ICMP ping to / from your site (s).
- the rest is declined.
My solution that:
#service iptables start
#iptables -P INPUT DROP
#iptables -P OUTPUT DROP
#iptables -P FORWARD DROP
#iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
#service iptables save
#serivce iptables reload
but i don't know why my code doesn't work!!!
can anybody help me?