= iptables =
Set up iptables to protect a server.

== commands ==
Install iptables on Debian/Ubuntu.
{{{#!highlight bash
apt-get install iptables
}}}
Check existing rules, then flush them:
{{{#!highlight bash
iptables -L
# clean up all rules
iptables -F
iptables -X
iptables -Z
}}}
Apply new rules (these cover IPv4 only; IPv6 traffic is filtered separately by ip6tables):
{{{#!highlight bash
# allow loop
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# allow established links
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow anything from local
iptables -A OUTPUT -j ACCEPT
# allow anything to specific ports
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# allow ping from anyone
iptables -A INPUT -p icmp -j ACCEPT
# deny anything else
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
}}}
Save and load rules (the saved file is not reloaded on reboot unless iptables-restore is run at boot):
{{{#!highlight bash
iptables-save > /etc/iptables.rules
iptables-restore < /etc/iptables.rules
}}}

== Sample ==
VirtualMin:
{{{#!highlight bash
iptables -F
# allow loop
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# allow established links
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow anything from local
iptables -A OUTPUT -j ACCEPT
# allow anything to specific ports
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
iptables -A INPUT -p tcp --dport 20000 -j ACCEPT
# allow ping from anyone
iptables -A INPUT -p icmp -j ACCEPT
# deny anything else
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
iptables-save > /etc/iptables.rules
}}}

== Ref. ==
. http://www.hi-vps.com/wiki/doku.php?id=vps_iptables
. http://www.vpser.net/security/linux-iptables.html