iptables
Set up iptables to protect a server.
commands
Install iptables on Debian/Ubuntu.
apt-get install iptables
Check existing rules:
Apply new rules:
# allow loopback traffic (match the interface rather than only 127.0.0.1,
# so local connections to any of the host's own addresses also work)
iptables -A INPUT -i lo -j ACCEPT
# allow replies to connections this host has already opened
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# allow anything outbound from this host
iptables -A OUTPUT -j ACCEPT
# allow new connections to specific service ports (SSH first, so the
# catch-all rule below can never lock out the administrator)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# allow ping from anyone
iptables -A INPUT -p icmp -j ACCEPT
# reject anything else; these must remain the last rules in their chains,
# since -A appends and iptables matches rules in order
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
Save and Load rules:
Sample
# flush existing rules first so re-running this script does not append
# duplicate rules after the catch-all REJECT
iptables -F

# allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# allow replies to connections this host has already opened
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# allow anything outbound from this host
iptables -A OUTPUT -j ACCEPT

# allow new connections to specific service ports
# (FTP, SSH, SMTP, DNS over UDP and TCP, HTTP, POP3, IMAP, HTTPS,
#  SMTPS, submission, IMAPS, POP3S, Webmin, Usermin)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
iptables -A INPUT -p tcp --dport 20000 -j ACCEPT

# allow ping from anyone
iptables -A INPUT -p icmp -j ACCEPT
# reject anything else (must stay last in each chain)
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

# persist the running ruleset so it can be restored after a reboot
iptables-save > /etc/iptables.rules
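The two rule lists above share one hazard: because rules are matched in order, a ruleset that places the catch-all REJECT before the SSH ACCEPT (or a re-run that appends fresh rules after the REJECT) silently cuts off remote administration. The script below is an added example, not part of the original page: it generates the same ruleset in the text format that iptables-save writes and iptables-restore reads, then checks the file for that ordering mistake before anything is loaded. It assumes the management port is tcp/22 and that the ruleset is loaded atomically with `iptables-restore` rather than rule by rule; the function names are my own.

```shell
#!/bin/sh
# Added example (not the page's own code): build a ruleset in
# iptables-restore format and sanity-check its ordering before loading.
# Assumption: SSH on tcp/22 is the management path that must stay open.

# gen_rules PORT... : print an iptables-restore ruleset that allows the
# given TCP ports, mirroring the structure of the page's rule list.
gen_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # loopback and already-established traffic come first
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # one ACCEPT per service port, in the order given
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -p icmp -j ACCEPT'
    # catch-all rejects are appended last, as on the page
    printf '%s\n' '-A INPUT -j REJECT' '-A FORWARD -j REJECT'
    printf '%s\n' 'COMMIT'
}

# check_rules FILE : exit 0 only if an ACCEPT for tcp/22 appears before
# the first catch-all "-A INPUT -j REJECT"; exit 1 otherwise, because
# loading such a file would lock the administrator out.
check_rules() {
    awk '
        /^-A INPUT .*--dport 22 .*-j ACCEPT/ { if (!ssh) ssh = NR }
        /^-A INPUT -j REJECT$/               { if (!rej) rej = NR }
        END { exit !(ssh && rej && ssh < rej) }
    ' "$1"
}

# apply_rules FILE : load the ruleset atomically, but only if it passes
# the ordering check (needs root; not run in the self-test).
apply_rules() {
    check_rules "$1" || { echo "refusing to load $1: SSH rule missing or after REJECT" >&2; return 1; }
    iptables-restore < "$1"
}
```

Usage: `gen_rules 22 80 443 > /etc/iptables.rules && apply_rules /etc/iptables.rules`. Loading through iptables-restore replaces the whole table in one step, so there is no window in which the old rules are flushed but the new ones are only half applied, and re-running it never produces duplicate rules.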