iptables

Set up iptables to protect a server: allow loopback, established connections and a short list of service ports inbound, allow everything outbound, and reject the rest.

commands

Install iptables on Debian/Ubuntu.

   apt-get install iptables

Check existing rules, then clear them so the new set starts from an empty filter table:

   # list the current rules of the filter table
   iptables -L
   # clean up all rules: flush every chain, delete user-defined chains, zero the counters
   iptables -F
   iptables -X
   iptables -Z

Apply new rules. Order matters: rules are matched top to bottom, so the final REJECT must stay last. Running this block a second time without flushing first appends the new rules behind that REJECT, where they never match.

   # allow loopback traffic
   iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
   # allow replies to connections this host opened, and traffic related to them
   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
   # allow anything outbound from this host
   iptables -A OUTPUT -j ACCEPT
   # allow new connections to specific ports: SSH, HTTP, HTTPS
   iptables -A INPUT -p tcp --dport 22 -j ACCEPT
   iptables -A INPUT -p tcp --dport 80 -j ACCEPT
   iptables -A INPUT -p tcp --dport 443 -j ACCEPT
   # allow ping (and all other ICMP types) from anyone
   iptables -A INPUT -p icmp -j ACCEPT
   # deny anything else; these must remain the last rules in their chains
   iptables -A INPUT -j REJECT
   iptables -A FORWARD -j REJECT

Save and load rules. The running ruleset lives only in the kernel and is lost at reboot, so the saved file has to be restored at boot (on Debian/Ubuntu the iptables-persistent package does this from /etc/iptables/rules.v4):

   # dump the running ruleset in iptables-restore format
   iptables-save > /etc/iptables.rules
   # load it back, replacing the whole filter table in one step
   iptables-restore < /etc/iptables.rules

Sample

Virtualmin:

   iptables -F

   # allow loopback traffic
   iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
   # allow replies to connections this host opened, and traffic related to them
   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
   # allow anything outbound from this host
   iptables -A OUTPUT -j ACCEPT

   # allow new connections to specific ports
   iptables -A INPUT -p tcp --dport 21 -j ACCEPT      # FTP
   iptables -A INPUT -p tcp --dport 22 -j ACCEPT      # SSH
   iptables -A INPUT -p tcp --dport 25 -j ACCEPT      # SMTP
   iptables -A INPUT -p udp --dport 53 -j ACCEPT      # DNS
   iptables -A INPUT -p tcp --dport 53 -j ACCEPT      # DNS (zone transfers, large answers)
   iptables -A INPUT -p tcp --dport 80 -j ACCEPT      # HTTP
   iptables -A INPUT -p tcp --dport 110 -j ACCEPT     # POP3
   iptables -A INPUT -p tcp --dport 143 -j ACCEPT     # IMAP
   iptables -A INPUT -p tcp --dport 443 -j ACCEPT     # HTTPS
   iptables -A INPUT -p tcp --dport 465 -j ACCEPT     # SMTP over TLS
   iptables -A INPUT -p tcp --dport 587 -j ACCEPT     # SMTP submission
   iptables -A INPUT -p tcp --dport 993 -j ACCEPT     # IMAPS
   iptables -A INPUT -p tcp --dport 995 -j ACCEPT     # POP3S
   iptables -A INPUT -p tcp --dport 10000 -j ACCEPT   # Webmin
   iptables -A INPUT -p tcp --dport 20000 -j ACCEPT   # Usermin

   # allow ping (and all other ICMP types) from anyone
   iptables -A INPUT -p icmp -j ACCEPT
   # deny anything else; keep these as the last rules in their chains
   iptables -A INPUT -j REJECT
   iptables -A FORWARD -j REJECT

   iptables-save > /etc/iptables.rules
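The script below is an added example, not the wiki page's own, covering both the generic rules above and the Virtualmin sample: it renders the same policy as a single iptables-restore file instead of a sequence of `iptables -A` calls, so re-applying it replaces the filter table in one step rather than appending duplicates behind the final REJECT, and it closes the chains with a DROP default policy as a backstop. The `gen_rules`, `rule_index` and `apply_rules` names, the port-list arguments, and the use of `-m conntrack --ctstate` (the current form of `-m state --state`) are this example's own choices; it is IPv4 only, as the page's rules are.

```shell
#!/bin/sh
# Added example (not the wiki page's script): build the page's ruleset as an
# iptables-restore file. Re-applying it replaces the whole filter table, so
# nothing ends up appended behind the final REJECT. IPv4 only; ip6tables needs
# its own ruleset. The port list is supplied by the caller (an assumption).

# gen_rules [PORT|PROTO/PORT]...  -> prints a complete *filter ruleset on stdout
# "22" means tcp/22; "udp/53" selects the protocol explicitly.
gen_rules() {
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for spec in "$@"; do
        case "$spec" in
            */*) proto=${spec%%/*}; port=${spec#*/} ;;
            *)   proto=tcp;         port=$spec ;;
        esac
        # only the first packet of a connection needs an explicit ACCEPT;
        # the rest is covered by the ESTABLISHED,RELATED rule above
        printf '%s\n' "-A INPUT -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' \
        '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-port-unreachable' \
        '-A FORWARD -j REJECT --reject-with icmp-port-unreachable' \
        'COMMIT'
}

# rule_index PATTERN  (reads a ruleset on stdin) -> prints the 1-based line
# number of the first matching line, so rule ordering can be checked.
rule_index() {
    grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# apply_rules PORT...  -> write the file, parse-check it with
# "iptables-restore --test" (parses without loading), then load it.
# Needs root; call it by hand rather than at the top level of this script.
apply_rules() {
    gen_rules "$@" > /etc/iptables.rules
    iptables-restore --test < /etc/iptables.rules || return 1
    iptables-restore < /etc/iptables.rules
}
```

To reproduce the Virtualmin list, call `gen_rules 21 22 25 udp/53 53 80 110 143 443 465 587 993 995 10000 20000`; inspect the output, run it through `iptables-restore --test`, and only then `apply_rules` with the same arguments. Because the file sets the chain policies itself, there is no separate `iptables -F` step: the restore flushes and replaces the table.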

Copyright © 2011-2021 Allen Zhong, under a CC BY-NC-ND 4.0 License.