Linux Firewall Settings
Introduction
Here are some of my Linux firewall settings. See also: Security Software Settings, Operating Systems, Programs, My computers.
Debian 7: Iptables Rules
Comments
There is no need to open inbound ports for instant messaging clients (e.g. Google Talk, tested with Pidgin); the ESTABLISHED,RELATED rule below covers their replies.
Create Iptables File (If You Haven't Already)
touch /etc/iptables.conf
Check For Active Iptables Rules
iptables -L
You should get output like:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
If You Get a Different Kind of Output, Clear the Iptables Rules
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
Edit Iptables File
nano /etc/iptables.conf
Insert The Following Code Into the Iptables File
Below, the HTTP, HTTPS and SSH rules are commented out; remove the leading "#" from a line to enable that service.
*filter
# Allow all loopback (lo0) traffic and drop all traffic to 127/8
# that does not use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accept all already established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic
-A OUTPUT -j ACCEPT
# Allow HTTP and HTTPS connections from outside
# -A INPUT -p tcp --dport 80 -j ACCEPT
# -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow SSH connections from outside
# -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allow outgoing ICMP ping
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
# Allow incoming ICMP ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
# Reject all other inbound traffic
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
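As an added example (not part of the original page), here are a few shell checks to run on the rules file before handing it to iptables-restore. The script embeds a constructed copy of the rule set above (SSH still commented out) and verifies that the file has the *filter/COMMIT framing, that the INPUT chain ends in a catch-all REJECT or DROP, and which inbound ports the uncommented rules actually open.

```shell
#!/bin/sh
# Constructed copy of the rule set from this page; the SSH line is still commented out.
RULES_FILE="$(mktemp)"
cat > "$RULES_FILE" <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
# -A INPUT -p tcp --dport 80 -j ACCEPT
# -A INPUT -p tcp --dport 443 -j ACCEPT
# -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF

# Print the destination ports that active (uncommented) INPUT ACCEPT rules open, one per line.
open_ports() {
  awk '/^[^#]/ && $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
         for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
       }' "$1"
}

# Succeed (exit 0) only when the last INPUT rule is a catch-all REJECT or DROP.
has_default_reject() {
  awk '/^[^#]/ && $1 == "-A" && $2 == "INPUT" { last = $0 }
       END { exit !(last ~ /^-A INPUT -j (REJECT|DROP)$/) }' "$1"
}

# Succeed only when the file carries the *filter header and COMMIT line iptables-restore needs.
well_formed() {
  grep -q '^\*filter$' "$1" && grep -q '^COMMIT$' "$1"
}

# Constructed variant with the SSH rule enabled, to show the port check picking it up.
RULES_WITH_SSH="$RULES_FILE.ssh"
sed 's/^# \(-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT\)$/\1/' \
  "$RULES_FILE" > "$RULES_WITH_SSH"
```

Run the three functions against /etc/iptables.conf before the iptables-restore step; an unexpected port in the open_ports output or a missing default reject is the moment to stop and fix the file.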
Apply New Iptables Rules
iptables-restore < /etc/iptables.conf
Reload Rules With Every System Boot
Open interfaces file:
nano /etc/network/interfaces
Add the following line after the "iface lo inet loopback" line:
pre-up iptables-restore < /etc/iptables.conf
Restart System
shutdown -r now
Test Rules After System Reboot
iptables -L
More Info
http://wiki.debian.org/iptables
Last modified: May 15th, 2013
Author: Tomi Häsä (tomi.hasa@gmail.com)
URL: http://sites.google.com/site/tomihasa/linux-firewall-settings