Configure Firewall settings for two NICs

Hello.
Currently, I have two network cards in the server. I need to configure the firewall on these cards so that the eno1 network card has standard access to network resources, basically what is the default at the moment. eno2 will be exposed to the outside, so I wanted to drop everything and only provide access to http and https. At the moment, both cards are plugged into the network and they got different IP addresses.
I have posted entries:
#rules for eth2 where is public interface
iptables -A INPUT -i eno2 -p all -j DROP
Unfortunately, the ports are still open. I put it in the file 10_univention-firewall_start.sh.
I run the script I put it in, then restart the service:
sudo /etc/init.d/univention-firewall restart
When I type iptables -S I see entries:
-A INPUT -i eno2 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eno2 -j DROP
-A INPUT -i eno2 -j DROP

Unfortunately, when I scan the IP address with nmap, the ports are open.
Can someone tell me what I need to do to block all traffic and open only the ports I want?
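
An added diagnostic, not part of the original post: iptables evaluates a chain top to bottom and stops at the first matching rule, and -A appends to the end of the chain, so an appended DROP for eno2 never sees packets that an earlier ACCEPT already matched. The sketch below lists the ACCEPT rules that sit ahead of the first catch-all DROP/REJECT for an interface; the sample rules and both function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `iptables -S` format; NOT output from the poster's server.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eno1 -p tcp -m tcp --dport 389 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -i eno2 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eno2 -j DROP
EOF
}

# shadowing_accepts IFACE  (hypothetical helper; reads `iptables -S` text on stdin)
# Prints every INPUT ACCEPT rule that is evaluated before the first
# catch-all "-A INPUT -i IFACE -j DROP|REJECT" rule and can match IFACE.
# Simplification: a rule applies to IFACE if it has no -i match or names
# IFACE exactly; negated (! -i) and wildcard (eth+) matches are not handled.
shadowing_accepts() {
    awk -v ifc="$1" '
    $1 != "-A" || $2 != "INPUT" { next }
    {
        in_if = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (in_if != "" && in_if != ifc) next      # rule is bound to another NIC
        # First catch-all block for this NIC: nothing after it matters.
        if ($3 == "-i" && $4 == ifc && $5 == "-j" &&
            (target == "DROP" || target == "REJECT")) exit
        if (target == "ACCEPT") print              # matched before the block
    }'
}

# Demo on the constructed sample; on a live host, as root:
#   iptables -S INPUT | shadowing_accepts eno2
sample_rules | shadowing_accepts eno2
```

Any rule this prints still admits traffic on the interface regardless of the DROP appended after it; an empty result means the catch-all rule is reached first.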
