Iptables for Blogger

I was looking around on my HD for a Iptables string I had to allow Blogger.com users to post to our servers

here it is

-A INPUT -s -p tcp -m tcp –dport 1024:65535 -j ACCEPT
-A INPUT -s -p tcp -m tcp –dport 1024:65535 -j ACCEPT

Technorati Tags: , , , ,


Portuguese born, american accent, living in UK.

9 thoughts on “Iptables for Blogger

  1. I do not unterstand, how this should work. As i assume your standard policy is DENY for your iptables chains. But in what way this 2 rules will affect your intention?

    the polarizer

  2. these 2 rules will allow outbound port range 1024 to 65535 to be open for the ip’s

    Wich are the blogger publishing ip’s .. this allows their FTP to login in PASV move .. PASV mode will open ports back on the range mentioned above.

  3. Ahh! I misunderstood your term “post”. Under this new point of view i think your rules a too generous, because it is allowed to connect to every port

  4. it will alloww only those two ip’s to connect to any port on that range .. so unless blogger attacks you, you shoudl be ok 🙂

  5. yes .. but you assumign 2 things

    1 – there are no other security measures in place

    2 – that I gave a server IP were those rules are set (no, they not set on THIS server 😉 )

    becides, a smart hacker knows those ports need to be open for blogger to publish, so they can just look for any blogger site and try to spoof that IP .. thats why additional security measures need to be taken, stuff like hardened php, mod_security, latest OpenSSH etc .. all part of keeping a server secured .. one can never just rely on the firewall.

Leave a Reply

Your email address will not be published. Required fields are marked *