Linux防火墙的优缺点,我的linux防火墙安全吗？

我是

linux防火墙的新手,并试图为面向公众的计算机设置我的系统防火墙.这是我的要求：

>应为HTTP请求和SSH登录打开端口80和22

>由于我的应用服务器将在端口8080上的非root用户下运行.我想将所有数据包重定向到端口8080.在某些情况下,我的应用程序本身会从服务器内向服务器发出请求.

问题：防火墙上有漏洞吗？我可以做得更安全的方法.

这是我的防火墙设置：

*filter

:FORWARD ACCEPT [0:0]

:INPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]

:OUTPUT ACCEPT [0:0]

-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -p esp -j ACCEPT

-A RH-Firewall-1-INPUT -p ah -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow Secure SSH transfer

-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT

# Allow all HTTP requests

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

*mangle

:FORWARD ACCEPT [0:0]

:INPUT ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed

*nat

:OUTPUT ACCEPT [0:0]

-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

# Routes all HTTP requests from port 80 to port 8080.

# Allows you to run JETTY as a non-root user.

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

COMMIT

# Completed