Should you use iptables with EC2 instances?

iptables amazon-ec2

You can use ec2-authorize to specify what kind of traffic to allow to your ec2 instance. Is it still a good idea to run iptables, or is that introducing unnecessary complexity?


Some reasons why you might consider activating iptables:

  • can use to block outgoing trojans, eg block outgoing smtp 25, and you provide defense against spam trojans
  • what if the Amazon firewall is disactivated for some reason by Amazon by accident?
  • what if the instance is started with an inappropriate security group, or there is an issue with the security group's configuration?

Activating iptables provides defense in depth, and is easy to configure, eg with ufw:

sudo ufw default allow
sudo ufw enable
sudo ufw allow 22/tcp    # allow ssh
sudo ufw default deny

# sudo ufw allow 80/tcp   # uncomment this line to allow incoming http
# sudo ufw allow 443/tcp  # uncomment this line to allow incoming https

(note: this won't block outgoing smtp, but it does show that getting a basic iptables configuration setup is fairly painless, and then you can tweak this if you like vi /etc/ufw/*.rules)

Related

SSH keys management system
Why poll is not replaced with epoll?
MSMQ very slow to receive messages
How to monitor activity on a single table using SQL Server profiler
Can Windows 7 do software RAID 10 (1+0)
Does the Read-Only configuration of a DC apply only to Active Directory?
Virus that tries to brute force attack Active Directory users (in alphabetical order)?
What Apache/PHP configurations do you know and how good are they?
SSL peer was unable to negotiate an acceptable set of security parameters
Zone transfers on a split-view Bind DNS system
Stdout/stderr redirects in start-stop-daemon
HP access points sending out multicast packets from IPs that aren't their own