Linux Firewall Settings

Introduction

Here are some of my Linux firewall settings. See also: Security Software Settings, Operating Systems, Programs, My computers.

Debian 7: Iptables Rules

Comments

No inbound ports need to be opened for instant messaging clients (e.g. Google Talk, tested with Pidgin); they initiate their own outbound connections, which the rules below allow.

Create Iptables File (If You Haven't Already)

touch /etc/iptables.conf

Check For Active Iptables Rules

iptables -L

With no rules loaded you should get output like:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If You Get Different Output, Clear The Iptables Rules

Reset the default policies to ACCEPT, then flush all rules and delete user-defined chains:

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X

Edit Iptables File

nano /etc/iptables.conf

Insert The Following Rules Into The Iptables File

In the rules below the inbound HTTP, HTTPS and SSH rules are commented out; remove the leading comment marking from a line if you need that service reachable from outside.

*filter

# Allow all loopback (lo0) traffic and drop all traffic to 127/8
# that does not use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accept all already established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic
-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections from outside
# -A INPUT -p tcp --dport 80 -j ACCEPT
# -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH connections from outside
# -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow outgoing ICMP ping
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT

# Allow incoming ICMP ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT

# Reject all other inbound traffic
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT

Apply New Iptables Rules

iptables-restore < /etc/iptables.conf

Reload Rules With Every System Boot

Open the interfaces file:

nano /etc/network/interfaces

Add the following line after the "iface lo inet loopback" line, so the rules are loaded before the loopback interface comes up:

pre-up iptables-restore < /etc/iptables.conf

Restart System

shutdown -r now

Test Rules After System Reboot

iptables -L
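The steps above write the ruleset by hand and only verify it with iptables -L after a reboot. As an added example (not part of the original page), the script below audits a ruleset in the iptables-restore format before it is applied: it lists the inbound TCP ports the file actually opens, checks that the loopback and ESTABLISHED,RELATED rules come before the catch-all INPUT REJECT (a rule placed after the catch-all is dead), and performs the "remove the comment marking" step for a given port with sed instead of hand editing. The sample rulesets, the function names (list_open_tcp_ports, check_ruleset, enable_inbound_tcp) and the "# -A INPUT ... --dport N" commented-rule convention are assumptions taken from the file layout on this page; the script uses only sh, awk and sed, touches no live firewall, and runs as an unprivileged user.

```shell
#!/bin/sh
# Added example: pre-apply audit for an iptables-restore ruleset (not the page's own code).

# Constructed sample ruleset with the same structure as the /etc/iptables.conf above
# (HTTP/HTTPS/SSH still commented out).
RULESET='*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
# -A INPUT -p tcp --dport 80 -j ACCEPT
# -A INPUT -p tcp --dport 443 -j ACCEPT
# -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT'

# Constructed broken variant: the catch-all REJECT sits above the loopback rule, so
# loopback traffic is rejected and every later INPUT rule is dead.
BROKEN_RULESET='*filter
-A INPUT -j REJECT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# list_open_tcp_ports RULESET
# Prints the --dport of every active (uncommented) "-A INPUT ... -p tcp ... -j ACCEPT"
# rule, one per line: the inbound TCP exposure this file creates.
list_open_tcp_ports() {
  printf '%s\n' "$1" | awk '
    /^[[:space:]]*#/ { next }
    /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ {
      for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
    }'
}

# check_ruleset RULESET
# Structural checks on rule order; returns 0 when all pass, 1 otherwise (problems printed).
check_ruleset() {
  printf '%s\n' "$1" | awk '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    { n++; line[n] = $0 }
    /^-A INPUT -i lo -j ACCEPT$/ { lo = n }
    /^-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT$/ { est = n }
    /^-A INPUT -j (REJECT|DROP)$/ { catchall = n }
    /^-A INPUT / { last_input = n }
    END {
      bad = 0
      if (line[1] != "*filter") { print "first statement must be *filter"; bad = 1 }
      if (line[n] != "COMMIT") { print "last statement must be COMMIT"; bad = 1 }
      if (!lo) { print "missing loopback ACCEPT rule"; bad = 1 }
      if (!est) { print "missing ESTABLISHED,RELATED ACCEPT rule"; bad = 1 }
      if (!catchall) { print "missing catch-all INPUT REJECT/DROP rule"; bad = 1 }
      else {
        if (lo && lo > catchall) { print "loopback rule comes after the catch-all and never matches"; bad = 1 }
        if (last_input > catchall) { print "dead INPUT rule after the catch-all: " line[last_input]; bad = 1 }
      }
      exit bad
    }'
}

# enable_inbound_tcp RULESET PORT
# Prints the ruleset with the commented-out INPUT rule for PORT uncommented
# (assumes the "# -A INPUT ... --dport PORT ..." convention used in the file above).
enable_inbound_tcp() {
  printf '%s\n' "$1" | sed "s/^# \(-A INPUT .*--dport $2 .*\)$/\1/"
}

# Stand-alone run: audit the sample file, then show the effect of enabling SSH.
echo "Open inbound TCP ports: $(list_open_tcp_ports "$RULESET" | tr '\n' ' ')"
if check_ruleset "$RULESET"; then echo "sample ruleset: structure OK"; fi
if check_ruleset "$BROKEN_RULESET"; then :; else echo "broken ruleset: rejected as expected"; fi
WITH_SSH=$(enable_inbound_tcp "$RULESET" 22)
echo "After enabling SSH: $(list_open_tcp_ports "$WITH_SSH" | tr '\n' ' ')"
```

On the target host, the natural next step after this audit is to have iptables-restore itself parse the file without committing it (iptables-restore --test < /etc/iptables.conf) before running the real restore from the "Apply New Iptables Rules" step. Two caveats the page does not spell out: these rules govern IPv4 only, so an IPv6-enabled host needs an equivalent ip6tables ruleset, and the audit only understands the single-table layout used here, not multi-table files or custom chains.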

More Info

http://wiki.debian.org/iptables

Last modified: May 15th, 2013

Author: Tomi Häsä (tomi.hasa@gmail.com)

URL: http://sites.google.com/site/tomihasa/linux-firewall-settings