2

I have some basic iptables rules set up now for my VPS. Just block everything except some default ports: 80, 21, 22, 443. I do get brute forced a lot. I have heard that iptables is very powerful but I have not seen many use cases.

Can you give me an example of a (some) rule(s) you always use and give a small example why?

I cannot find a general best practice post here on SF; if there is any, I would like the link. If this is a duplicate, I am sorry and it can be closed.

Saif Bechan
  • See http://serverfault.com/questions/17870/hundreds-of-failed-ssh-logins/17874#17874 for brute force prevention/limiting with iptables. – Kyle Brandt Apr 18 '10 at 16:57

4 Answers

4

The most important rule is the short-circuit that allows a static IP or range of IP addresses to ALWAYS get in via SSH.

If you need to log in from random addresses and want to lock down SSH, consider knockd as well.

1

I personally use Shorewall. It's a little difficult to get your head around, but once you get how to work it, it's a great tool. There are a lot of preset rules to block garbage and enable some logging.

You could also just set your default chain policy to DROP everything and just allow the ports you need. Don't forget to allow ESTABLISHED and RELATED traffic though.

I usually keep SSH locked down and allow access from a handful of IPs that belong to my machines. If you cannot lock it down like that, for brute force SSH attacks I use denyhosts. Sometimes you get false positives, but you can whitelist your own IPs so it does not happen.

solefald
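
The rules described in the two answers above (the SSH short-circuit for trusted addresses, a default DROP policy, and ESTABLISHED/RELATED), written out as an added example that is not part of either answer. The addresses are constructed values from documentation ranges, the public ports are the ones named in the question, and the `gen_rules` helper is hypothetical; it only prints an `iptables-restore` ruleset and changes nothing on the host.

```shell
#!/bin/sh
# Added example (not from the answers). Prints an IPv4 ruleset in
# iptables-restore format; it does not touch the running firewall.
# Constructed sample values (documentation address ranges):
ADMIN_SOURCES="203.0.113.10 198.51.100.0/24"   # hosts allowed to reach SSH
PUBLIC_TCP_PORTS="21,80,443"                   # open to everyone

gen_rules() {
    admin_sources=$1
    public_ports=$2
    # An empty allowlist plus a DROP policy would lock the admin out.
    [ -n "$admin_sources" ] || { echo "no SSH allowlist given" >&2; return 1; }
    # Validate everything before printing, so bad input yields no partial ruleset.
    for src in $admin_sources; do
        case $src in
            *[!0-9./]*) echo "bad source: $src" >&2; return 1 ;;
        esac
    done
    case $public_ports in
        ""|*[!0-9,]*) echo "bad port list: $public_ports" >&2; return 1 ;;
    esac

    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default policy: drop what no rule accepts
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections already accepted (or started by this host).
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # SSH short-circuit: trusted sources are accepted ahead of any later
    # rate-limit or ban rules.
    for src in $admin_sources; do
        echo "-A INPUT -p tcp -s $src --dport 22 -j ACCEPT"
    done
    echo "-A INPUT -p tcp -m multiport --dports $public_ports -j ACCEPT"
    echo "COMMIT"
}

# Review the output, then check it with: iptables-restore --test < file
gen_rules "$ADMIN_SOURCES" "$PUBLIC_TCP_PORTS"
```

Port 22 is deliberately absent from the public list, so SSH is reachable only from the allowlisted sources; keep a console or second session open when loading a ruleset like this for the first time.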
0

I think the iptables rules generated by fail2ban are priceless.

Ignacio Vazquez-Abrams
  • You might also like Evan's answer to http://serverfault.com/questions/17870/hundreds-of-failed-ssh-logins/17874#17874 , I think I prefer it to my answer :-) – Kyle Brandt Apr 18 '10 at 16:56
0

I can't tell if this question is on its way to getting closed, but in case it isn't: I have a page on my website that explains what I would consider to be a basic default iptables ruleset. (It's based on what I use, but I think many other server administrators would be doing some similar things.)

David Z