
iptables

Set up iptables to protect a single server: accept loopback traffic, replies to connections the host opened and a short list of service ports, and reject everything else. The rules below are IPv4 only; ip6tables needs its own rule set, otherwise the host stays wide open over IPv6.

commands

Install iptables on Debian/Ubuntu (as root):

    apt-get install iptables

List the current rules, then clear them. -L lists the rules of every chain (add -n to skip reverse DNS lookups and -v to show counters and interfaces), -F flushes all rules, -X deletes user-defined chains and -Z zeroes the counters:

    iptables -L -n -v
    # clean up all rules, user-defined chains and counters
    iptables -F
    iptables -X
    iptables -Z

Flushing leaves the chain policies untouched. If a policy was set to DROP earlier, -F over SSH cuts you off, so check the "policy" shown in the -L chain headers first.

Apply new rules. Rules in a chain are checked top to bottom and the first match decides, so the accept rules must come before the final REJECT, and anything appended with -A later lands below the REJECT and never matches (insert it with -I INPUT instead). Keep a second SSH session open while applying rules to a remote host:

    # allow loopback traffic; match the interface rather than 127.0.0.1
    # so the whole 127/8 range and packets sent to the host's own public
    # address over lo are covered too
    iptables -A INPUT -i lo -j ACCEPT
    # allow replies and related packets of connections this host opened
    # (the older "-m state --state ESTABLISHED,RELATED" form still works)
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # allow all outbound traffic
    iptables -A OUTPUT -j ACCEPT
    # allow new connections to specific ports: SSH, HTTP, HTTPS
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    # allow ping from anyone (echo-request only; ICMP errors belonging to
    # existing connections are already covered by RELATED above)
    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # deny anything else; this host does not route, so no forwarding
    iptables -A INPUT -j REJECT
    iptables -A FORWARD -j REJECT

REJECT answers blocked packets with an ICMP port-unreachable error so clients fail fast; DROP would discard them silently and leave clients waiting for a timeout.

Save and load rules. The rules live only in the running kernel and are lost on reboot. iptables-save writes them in a text format that iptables-restore loads back in one atomic step:

    iptables-save > /etc/iptables.rules
    iptables-restore < /etc/iptables.rules

Nothing reloads that file at boot by itself; on Debian/Ubuntu the iptables-persistent package does, reading /etc/iptables/rules.v4 (and rules.v6 for ip6tables).
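Loading a rule set over SSH is the moment you can lock yourself out. The script below is an added example, not code from the original page: it wraps iptables-restore in a timed rollback, snapshotting the running rules with iptables-save, loading the new file, and reverting to the snapshot unless you confirm from a second login within the timeout. The names apply_with_rollback and confirm_rules, the IPTABLES_SAVE, IPTABLES_RESTORE and CONFIRM_FLAG variables and the /run/iptables-confirm path are my own assumptions.

```shell
#!/bin/sh
# Timed rollback for remote iptables changes (added example; the names and
# the flag path are assumptions, not from the page).
IPTABLES_SAVE=${IPTABLES_SAVE:-iptables-save}
IPTABLES_RESTORE=${IPTABLES_RESTORE:-iptables-restore}
CONFIRM_FLAG=${CONFIRM_FLAG:-/run/iptables-confirm}

# confirm_rules: run from a SECOND session once you have verified that you
# can still log in. It tells the waiting apply_with_rollback to keep the
# new rules.
confirm_rules() {
    : > "$CONFIRM_FLAG"
}

# apply_with_rollback NEW_RULES [TIMEOUT]
#   1. snapshot the running rule set with iptables-save
#   2. load NEW_RULES with iptables-restore (all or nothing: a syntax error
#      aborts the load and leaves the old rules active)
#   3. wait up to TIMEOUT seconds (default 60) for confirm_rules
#   4. if no confirmation arrives, restore the snapshot
# Returns 0 when confirmed, 1 when rolled back, 2 when the load failed.
apply_with_rollback() {
    new=$1
    timeout=${2:-60}
    rm -f "$CONFIRM_FLAG"
    backup=$(mktemp) || return 2
    "$IPTABLES_SAVE" > "$backup" || { rm -f "$backup"; return 2; }
    if ! "$IPTABLES_RESTORE" < "$new"; then
        rm -f "$backup"
        return 2
    fi
    i=0
    while [ "$i" -lt "$timeout" ]; do
        if [ -e "$CONFIRM_FLAG" ]; then
            rm -f "$CONFIRM_FLAG" "$backup"
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    # no confirmation: put the snapshot back
    "$IPTABLES_RESTORE" < "$backup"
    rm -f "$backup"
    return 1
}

# usage: ./fw-apply.sh apply /etc/iptables.rules 60   (first session)
#        ./fw-apply.sh confirm                         (second session)
case ${1:-} in
    apply)   apply_with_rollback "$2" "${3:-60}" ;;
    confirm) confirm_rules ;;
esac
```

If the second login never succeeds, the loop runs out and the old rules come back on their own; the flag file is only a signal between the two sessions, so any path both sessions can write works.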

Sample

VirtualMin host (Webmin listens on 10000, Usermin on 20000):

    iptables -F

    # allow loopback
    iptables -A INPUT -i lo -j ACCEPT
    # allow established links
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # allow all outbound traffic
    iptables -A OUTPUT -j ACCEPT

    # allow new connections to the hosting services
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT      # FTP control channel
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT      # SSH
    iptables -A INPUT -p tcp --dport 25 -j ACCEPT      # SMTP
    iptables -A INPUT -p udp --dport 53 -j ACCEPT      # DNS
    iptables -A INPUT -p tcp --dport 53 -j ACCEPT      # DNS over TCP (large replies, zone transfers)
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT      # HTTP
    iptables -A INPUT -p tcp --dport 110 -j ACCEPT     # POP3
    iptables -A INPUT -p tcp --dport 143 -j ACCEPT     # IMAP
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT     # HTTPS
    iptables -A INPUT -p tcp --dport 465 -j ACCEPT     # SMTP over TLS
    iptables -A INPUT -p tcp --dport 587 -j ACCEPT     # SMTP submission
    iptables -A INPUT -p tcp --dport 993 -j ACCEPT     # IMAPS
    iptables -A INPUT -p tcp --dport 995 -j ACCEPT     # POP3S
    iptables -A INPUT -p tcp --dport 10000 -j ACCEPT   # Webmin
    iptables -A INPUT -p tcp --dport 20000 -j ACCEPT   # Usermin

    # allow ping from anyone
    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # deny anything else
    iptables -A INPUT -j REJECT
    iptables -A FORWARD -j REJECT

    iptables-save > /etc/iptables.rules

Port 21 only covers the FTP control connection. Passive-mode data connections arrive on random high ports and pass the RELATED rule only when the FTP connection-tracking helper is loaded (modprobe nf_conntrack_ftp); on recent kernels the helper is no longer attached automatically and has to be assigned with a CT rule in the raw table as well. Without it, passive directory listings hang. Webmin and Usermin on 10000 and 20000 are administrative interfaces; restricting those two rules to known source addresses with -s is worth considering.
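The two rule lists on this page (the basic SSH/HTTP/HTTPS set and the VirtualMin set) differ only in their port lists. The script below is an added example, not the page's or Virtualmin's code, and generalises them: gen_rules prints a rule set in the iptables-save format from a TCP and a UDP port list, keeping the page's structure (loopback, conntrack, listed ports, ping, catch-all REJECT) but adding a DROP policy on INPUT and FORWARD so that a rule appended by mistake below the REJECT cannot open a hole; ssh_reachable checks a rules file, hand-written or generated, for the ordering mistake described above (the SSH ACCEPT must precede any catch-all) before it is handed to iptables-restore. The function names and the sample port lists are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. The names gen_rules,
# ssh_reachable and valid_port are assumptions.

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules "TCP PORTS" "UDP PORTS": print an iptables-restore rule set on
# stdout. INPUT/FORWARD get a DROP policy as a safety net underneath the
# explicit REJECT, loopback is matched by interface, and INVALID packets
# (out-of-window TCP and the like) are dropped before the port rules.
gen_rules() {
    tcp_ports=$1
    udp_ports=$2
    for p in $tcp_ports $udp_ports; do
        valid_port "$p" || { echo "gen_rules: bad port '$p'" >&2; return 1; }
    done
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for p in $tcp_ports; do
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        printf '%s\n' "-A INPUT -p udp -m udp --dport $p -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT'
    printf '%s\n' '-A INPUT -j REJECT'
    printf '%s\n' 'COMMIT'
}

# ssh_reachable FILE PORT: succeeds if FILE (iptables-save format) still lets
# new TCP connections to PORT in: an INPUT rule carrying "--dport PORT" and
# "-j ACCEPT" must come before any catch-all "-A INPUT -j REJECT|DROP", or
# there is no catch-all and the INPUT policy is ACCEPT. Source restrictions
# (-s) on the accepting rule are deliberately not inspected.
ssh_reachable() {
    awk -v port="$2" '
        /^:INPUT /   { policy = $2 }
        /^-A INPUT / {
            if ($0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT/) { found = 1; exit }
            if ($0 ~ /^-A INPUT -j (REJECT|DROP)/) { catchall = 1; exit }
        }
        END { exit !(found || (!catchall && policy == "ACCEPT")) }
    ' "$1"
}

# usage: ./fw-gen.sh gen "22 80 443" "53" > /etc/iptables.rules
#        ./fw-gen.sh check /etc/iptables.rules 22 && iptables-restore < /etc/iptables.rules
case ${1:-} in
    gen)   gen_rules "$2" "$3" ;;
    check) ssh_reachable "$2" "$3" ;;
esac
```

The VirtualMin list maps onto gen_rules "21 22 25 53 80 110 143 443 465 587 993 995 10000 20000" "53"; the FTP helper caveat above applies unchanged, since the generated set relies on the same RELATED rule for passive data connections.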


iptables (last edited 2013-05-16 13:16:07 by AstroProfundis)

CopyRight © 2011-2017 Allen Zhong, under a CC BY-NC-ND 4.0 License. | IPv6 Enabled.