2.1 Firewall (using iptables)

iptables is Linux's firewall. Install it the regular way:

sudo apt-get install iptables

Start adding rules (help here and here). Like this:

  1. Allow connections that are, well, ok:

     sudo iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED

  2. Open a port that you want to be accessible from the outside. E.g. 80 for http, for example, or SSH (default 22).

     sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
 sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    Add a line for each port you wish to open, change the port number or tcp/udp where needed.

  3. Optionally, allow ping:

     sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

  4. Block inbound traffic that is not allowed by any of your rules:

     sudo iptables -P INPUT DROP

When done adding rules, check the list in iptables:

sudo iptables -L

Save the rules to a test file:

sudo iptables-save > /etc/iptables.test.conf

Note how known ports such as 80 are shown as http, 443 as https, etc. Use iptables -L -n to get a 'normal' view without translated port numbers.

Happy? Save it for real (this and the previous file names are arbitrary, you can pick a different path):

iptables-save > /etc/iptables.up.conf

For the firewall to be useful, it should always run on boot. To start iptables on boot, create this file:

nano /etc/network/if-pre-up.d/iptables

And insert the following:

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.conf

Make it executable:

chmod +x /etc/network/if-pre-up.d/iptables

And you're done!

results matching ""

    No results matching ""