iptables instructions and script for dedicated Linux server at GoDaddy

I have a dedicated LINUX server at GoDaddy. It will be used to host web services implementing our product.

I need the software firewall (iptables) set up. This must be done as a script, which will be checked into our archive and reused for various testing and staging servers as well as for the production server. The script will be run using ssh (PuTTY) under the root user id.

The script will have a customization region at the top, where several variables and lists will be modified prior to being run.


-- the port numbers associated with various services, e.g. MySQL, ping, "Simple Control Panel (9999)", etc.

-- WS-client services list: what ports/services (see variables above) need to be available to a web services client. (These clients are our customers.)

-- MySQL client services list: what ports/services need to be available to a system that is accessing a MySQL database on the server.

-- Developer services list: what ports/services need to be available to a system developer (e.g. ssh, ftp, http, MySQL...) For our internal developers, perhaps ALL access is OK from the specified IP addresses, assuming that can't be spoofed. Please advise.

-- Tester services list: what ports/services need to be available to a system tester (e.g. ssh, ftp, http, MySQL...)

-- WS-client list: the domain names / IP addresses of client web servers that should be allowed WS-client services access.

-- MySQL client list: The IP addresses / domain names of other systems allowed to connect to the MySQL database to issue queries.

-- Developer list: the IP addresses of developer workstations which should be allowed developer services access, per developer access service list above.

-- Tester list: the IP addresses of workstations which should be allowed tester access, per tester services list above.

I know that the server will need to be able to do the following things. So, the script should be set up to enable them to work through the firewall:

-- Java software on the system will send out mail to individuals registered on the site.

-- A MySQL database will be running on the site, used programmatically by the server program (written in Java), by .NET code running on machines in the "MySQL client list", and interactively by MySQL browser. MySQL browser access should be limited to developers, testers, and systems in the "MySQL client list".

-- ftp will be used to automatically move incremental backups to remote systems.

-- developers will use ssh to access the system through PuTTY, and also to initiate scripts that are to run on the system. (An example of the latter will be a script, initiated from a developer's workstation, to deploy a new version of the web services code.)

-- I need "Simple Control Panel" access to the system through GoDaddy, which is port 9999, from anywhere.

Other than explicitly allowed access, the system should be cut off from the world.

The script should be "idempotent", i.e. I should be able to run it again and end up with the same valid software firewall on the same system. So, things like creation of needed directories etc. should be done carefully, so they work even if the directory already exists.

I should be able to modify the variables/lists at the top of the script, and rerun the script at will. So, for example, if access is currently allowed for a developer's IP address, and I remove that IP address from the ALLOWED_DEVELOPERS list and re-run the script, that IP address should no longer be allowed.

There should be as little manual effort as possible to run/rerun the script. Instructions for running the script must be documented as a comment at the top of the script.

Please make the script correct, readable, and maintainable!

Operating System: Red Hat Fedora Core 7

Control Panel Type: Simple Control Panel

Skills: Engineering, Linux, Script Install, System Admin, Web Security


About the Employer:
( 4 reviews ) Otley, United States

Project ID: #253739
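
One way to meet the idempotency and re-run requirements in the posting, as an added example that is not part of the original posting or of any bid: the script prints a complete filter table in `iptables-restore` format, so loading it replaces the whole ruleset in one step and an address removed from a list disappears on the next run. The IP addresses are constructed documentation-range values; the variable names other than ALLOWED_DEVELOPERS, the per-role port lists, and leaving outbound traffic open (for the mail and ftp backup traffic) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posting. Run as root:
#   sh firewall.sh | iptables-restore
# iptables-restore flushes and reloads the filter table in one commit,
# so re-running after editing the lists below is safe.

# ---- customization region (all addresses are constructed samples) ----
SSH_PORT=22; FTP_PORT=21; HTTP_PORTS="80 443"; MYSQL_PORT=3306; PANEL_PORT=9999
ALLOWED_WS_CLIENTS="203.0.113.80"
ALLOWED_MYSQL_CLIENTS="203.0.113.5"
ALLOWED_DEVELOPERS="192.0.2.10 192.0.2.11"
ALLOWED_TESTERS="198.51.100.20"
WS_CLIENT_PORTS="$HTTP_PORTS"
MYSQL_CLIENT_PORTS="$MYSQL_PORT"
DEVELOPER_PORTS="$SSH_PORT $FTP_PORT $HTTP_PORTS $MYSQL_PORT"  # assumed list
TESTER_PORTS="$SSH_PORT $HTTP_PORTS $MYSQL_PORT"               # assumed list
# ---- end of customization region ----

# allow_from "<sources>" "<ports>": one ACCEPT rule per source/port pair.
allow_from() {
  for src in $1; do
    for port in $2; do
      echo "-A INPUT -s $src -p tcp -m tcp --dport $port -m state --state NEW -j ACCEPT"
    done
  done
}

# Emit the full filter table: default-deny inbound, explicit allows only.
generate_rules() {
  echo "*filter"
  echo ":INPUT DROP [0:0]"
  echo ":FORWARD DROP [0:0]"
  echo ":OUTPUT ACCEPT [0:0]"   # assumption: outbound mail/ftp left open
  echo "-A INPUT -i lo -j ACCEPT"
  echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  # Simple Control Panel must be reachable from anywhere.
  echo "-A INPUT -p tcp -m tcp --dport $PANEL_PORT -m state --state NEW -j ACCEPT"
  allow_from "$ALLOWED_WS_CLIENTS" "$WS_CLIENT_PORTS"
  allow_from "$ALLOWED_MYSQL_CLIENTS" "$MYSQL_CLIENT_PORTS"
  allow_from "$ALLOWED_DEVELOPERS" "$DEVELOPER_PORTS"
  allow_from "$ALLOWED_TESTERS" "$TESTER_PORTS"
  echo "COMMIT"
}

generate_rules
```

Reviewing the printed ruleset before piping it to `iptables-restore` shows exactly what will be loaded, which helps avoid locking out the ssh session the script is run from.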

Awarded to:


I am a Linux admin for 15 servers. Linux firewall scripts are de facto. I can provide everything you asked for.

$80 USD in 1 day
(80 Reviews)

4 freelancers are bidding on average $125 for this job


Has done such work before. Script will be from 3 parts: 1) options section (where you will add IPs, ports range) 2) init script - must be started only once. If you start it next time all current connections to server can be …

$200 USD in 2 days
(115 Reviews)

Hi. That's my specialty. Please check PM.

$90 USD in 1 day
(208 Reviews)

Ready to write a script for you + additional things to prevent illegal connection attempts on dedicated ports.

$130 USD in 3 days
(0 Reviews)