I have been reading all day about iptables, how the rules work, sets of rules for basic webservers, etc. Now I'm trying to configure my webserver with iptables using this thread as a starting point: Good iptables starting rules for a webserver?
Since I don't want to just copy-paste anything that works, I'm adding rule by rule and considering every rule as to why I would need it. I came to discover that I basically needed access via ports 80, 443, 22, 587 (mailserver).
However, I cannot access my site via the domain after adding these rules. So I compared to the thread I mentioned and I discovered I did not have this rule:
# Allow traffic already established to continue
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
So I added this rule to test things, and all of a sudden I could access my website. Then I thought, maybe that's because I had already been connecting to the website from this IP, but if I connect through other IPs / networks I can still access my website, dependent on that rule.
Because I want to understand this, I don't really get why access to my site is dependent on that rule. There is already a rule allowing incoming traffic via port 80 (which is the port my webserver runs on), but apparently just that rule is not enough? PS, this is the rule I have at the moment to open up port 80:
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
I hope someone can shed some light about that rule and why I can access my site with that rule and not without.
EDIT: I do get why one would want to add this rule; I reckon it would speed things up as it does not have to go through all the other rules anymore, but I just want to understand why in my case it is critical to have this rule in order to access my site.
Thanks!
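What the state rule actually matches, as an added example that is not part of the original post: a small Python model of an INPUT chain with the accept rules the question lists (tcp dpt 80, 443, 22, 587) and a DROP policy, with simplified connection tracking. The addresses and the DNS exchange are constructed. It shows that a client's connection to port 80 is accepted by the port rule either way, that replies to connections the host itself opens (here a DNS lookup returning to a high port) are only admitted by the ESTABLISHED,RELATED rule, and that the rule does not let unsolicited packets through.

```python
from dataclasses import dataclass

# Ports the question's accept rules open (tcp dpt:80, 443, 22, 587).
OPEN_PORTS = {80, 443, 22, 587}

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Conntrack:
    """Simplified connection tracking: remembers accepted flows by 5-tuple."""
    def __init__(self):
        self.flows = set()

    def record(self, pkt):
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def state(self, pkt):
        # A packet belongs to a known flow if its tuple, or the reversed tuple
        # (the reply direction), has already been recorded.
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ESTABLISHED" if fwd in self.flows or rev in self.flows else "NEW"

def input_chain(pkt, ct, with_state_rule):
    """Verdict for one packet in INPUT: state rule (optional), port rules, then DROP policy."""
    if with_state_rule and ct.state(pkt) == "ESTABLISHED":
        return "ACCEPT"
    if pkt.proto == "tcp" and pkt.dport in OPEN_PORTS:
        ct.record(pkt)          # an accepted NEW connection becomes a tracked flow
        return "ACCEPT"
    return "DROP"               # chain policy

def simulate(with_state_rule):
    """Run three constructed packets through INPUT and collect the verdicts."""
    ct, verdicts = Conntrack(), {}
    host, client, resolver = "198.51.100.10", "203.0.113.5", "198.51.100.53"
    # 1. A browser's SYN to the web server: matches the dpt:http rule regardless of state.
    verdicts["client->80"] = input_chain(Packet("tcp", client, 51000, host, 80), ct, with_state_rule)
    # 2. The host itself sends a DNS query (leaves via OUTPUT, not filtered here, but tracked);
    #    the reply comes back to a high port that no port rule opens.
    ct.record(Packet("udp", host, 40000, resolver, 53))
    verdicts["dns reply"] = input_chain(Packet("udp", resolver, 53, host, 40000), ct, with_state_rule)
    # 3. An unsolicited packet to the same high port: never part of a tracked flow.
    verdicts["stray"] = input_chain(Packet("tcp", client, 6000, host, 40000), ct, with_state_rule)
    return verdicts

if __name__ == "__main__":
    for flag in (True, False):
        print("with state rule:" if flag else "without state rule:", simulate(flag))
```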