Securing your Linux Workstation or Server

To properly secure your workstation or server, you need to configure iptables.
Configuration file: /etc/sysconfig/iptables

If you are interested in a detailed description of iptables with configuration examples, please read the following document.

Default iptables configuration:

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

Firewall rules are checked from top to bottom, and the first rule that matches a packet decides what happens to it. Be careful not to block traffic you need. The last line rejects all incoming traffic that no earlier rule has accepted.
This configuration allows all outgoing traffic, incoming ssh connections (--dport 22), and replies to traffic originated from your machine (-m state --state ESTABLISHED,RELATED).
To add a trusted machine, add the following line (before the last one):

-A RH-Firewall-1-INPUT -s 134.21.16.203 -d 0/0 -j ACCEPT
It allows all traffic from IP 134.21.16.203 to any destination address 0/0 (you can also put your own IP address here).

To add a trusted network (134.21.1.0 - 134.21.1.255 in this example), add the following line (before the last one):

-A RH-Firewall-1-INPUT -s 134.21.1.0/24 -d 0/0 -j ACCEPT
It allows all traffic from the 134.21.1.0 network to any destination address 0/0 (you can also put your own IP address here).

To open a specific port on your machine (in this example http - port 80), add the following line (before the last one):
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
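
Because rules are checked top to bottom, a rule added after the final REJECT line is never reached. The following Python check is an added example, not part of the original page: it flags such rules in iptables rule text and places a new rule before the catch-all line. The function names and the sample rule text are assumptions made for the illustration.

```python
import shlex
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end rule traversal

# Constructed sample: rules from the page's default set, with the port-80
# rule wrongly appended after the final REJECT.
SAMPLE = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
"""

def parse(line):
    """Return (chain, is_catch_all) for an '-A' rule line, else None."""
    tok = shlex.split(line)
    if len(tok) < 4 or tok[0] != "-A" or "-j" not in tok[:-1]:
        return None
    j = tok.index("-j")
    # No match options between chain name and -j: the rule matches every packet.
    return tok[1], j == 2 and tok[j + 1] in TERMINAL

def unreachable_rules(text):
    """List (line_no, rule) for rules that follow a catch-all in their chain."""
    closed, dead = set(), []
    for no, line in enumerate(text.splitlines(), 1):
        rule = parse(line)
        if rule is None:
            continue
        chain, catch_all = rule
        if chain in closed:
            dead.append((no, line.strip()))
        elif catch_all:
            closed.add(chain)
    return dead

def insert_before_catch_all(text, new_rule):
    """Return text with new_rule placed just before its chain's catch-all."""
    chain = parse(new_rule)[0]
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if parse(line) == (chain, True):
            lines.insert(i, new_rule)
            return "\n".join(lines) + "\n"
    raise ValueError("no catch-all rule found in chain " + chain)

if __name__ == "__main__":
    for no, rule in unreachable_rules(SAMPLE):
        print(f"line {no} is never reached: {rule}")
```

The check only follows rules within one chain; it does not trace jumps from INPUT or FORWARD into RH-Firewall-1-INPUT.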