Linux Firewall Settings

Introduction

Here are some of my Linux firewall settings. See also: Security Software Settings, Operating Systems, Programs, My computers.

Debian 7: Iptables Rules

Comments

   There is no need to open incoming ports for instant messaging clients (e.g. Google Talk, tested with Pidgin).

Create Iptables File (If You Haven't Already)

   touch /etc/iptables.conf

Check For Active Iptables Rules

   iptables -L

You should get output like:

   Chain INPUT (policy ACCEPT)
   target prot opt source destination

   Chain FORWARD (policy ACCEPT)
   target prot opt source destination

   Chain OUTPUT (policy ACCEPT)
   target prot opt source destination

If You Get Any Other Output, Clear The Iptables Rules

   iptables -P INPUT ACCEPT

   iptables -P FORWARD ACCEPT

   iptables -P OUTPUT ACCEPT

   iptables -F

   iptables -X

Edit Iptables File

   nano /etc/iptables.conf

Insert The Following Rules Into The Iptables File

In the rules below the HTTP, HTTPS and SSH rules are commented out; remove the leading "#" from a rule to enable it.

   *filter

   # Allow all loopback (lo0) traffic and drop all traffic to 127/8
   # that does not use lo0
   -A INPUT -i lo -j ACCEPT
   -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

   # Accept all already established connections
   -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

   # Allow all outbound traffic
   -A OUTPUT -j ACCEPT

   # Allow HTTP and HTTPS connections from outside
   # -A INPUT -p tcp --dport 80 -j ACCEPT
   # -A INPUT -p tcp --dport 443 -j ACCEPT

   # Allow SSH connections from outside
   # -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

   # Allow outgoing ICMP ping
   -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
   -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT

   # Allow incoming ICMP ping
   -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
   -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT

   # Reject all other inbound traffic
   -A INPUT -j REJECT
   -A FORWARD -j REJECT

   COMMIT
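
A check worth running on the file before loading it with iptables-restore, as an added example that is not part of the original page: it reads the rules file as text (it never calls iptables), confirms the *filter/COMMIT framing, confirms the loopback ACCEPT comes before the 127/8 REJECT and that the INPUT catch-all REJECT is the last INPUT rule (anything after it would never match), and lists which inbound TCP/UDP ports the uncommented rules actually open. The sample ruleset embedded below is constructed from the file above with the SSH rule uncommented.

```python
import re

# Added example, not from the original page: a pure-text lint for an
# iptables-restore file, run before "iptables-restore < /etc/iptables.conf".
# It never calls iptables, so it runs anywhere.

def active_lines(text):
    """Uncommented, non-blank lines in file order."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def lint_rules(text):
    """Return the problems found; an empty list means the file looks sane."""
    lines = active_lines(text)
    problems = []
    if lines[:1] != ["*filter"] or lines[-1:] != ["COMMIT"]:
        problems.append("file must start with *filter and end with COMMIT")
    inputs = [ln for ln in lines if ln.startswith("-A INPUT ")]
    # Anything after the catch-all REJECT is dead: it must be the last INPUT rule.
    if inputs and inputs[-1] != "-A INPUT -j REJECT":
        problems.append("INPUT catch-all REJECT is not the last INPUT rule")
    # The 127/8 REJECT only makes sense once loopback itself is accepted.
    accept = [i for i, ln in enumerate(inputs) if ln == "-A INPUT -i lo -j ACCEPT"]
    reject = [i for i, ln in enumerate(inputs) if "! -i lo -d 127.0.0.0/8" in ln]
    if not accept or not reject or accept[0] > reject[0]:
        problems.append("loopback ACCEPT must precede the 127.0.0.0/8 REJECT")
    return problems

PORT_RE = re.compile(r"^-A INPUT .*-p (tcp|udp) .*--dport (\d+) .*-j ACCEPT$")

def open_inbound_ports(text):
    """Sorted (proto, port) pairs the file accepts from outside, comments ignored."""
    return sorted({(m.group(1), int(m.group(2)))
                   for m in map(PORT_RE.match, active_lines(text)) if m})

# Constructed sample: the page's ruleset with SSH uncommented, HTTP still off.
SAMPLE = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
# -A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
"""
```

Run `lint_rules` on the contents of /etc/iptables.conf and only apply the file when it returns an empty list; `open_inbound_ports` shows at a glance whether a rule you meant to leave commented out is live.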

Apply New Iptables Rules

   iptables-restore < /etc/iptables.conf

Reload Rules With Every System Boot

Open interfaces file:

   nano /etc/network/interfaces

Add the following line after the "iface lo inet loopback" line:

   pre-up iptables-restore < /etc/iptables.conf

Restart System

   shutdown -r now

Test Rules After System Reboot

   iptables -L

More Info

   http://wiki.debian.org/iptables

Last modified: May 15th, 2013

Author: Tomi Häsä (tomi.hasa@gmail.com)

URL: http://sites.google.com/site/tomihasa/linux-firewall-settings