simple-iptables-firwall
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| simple-iptables-firwall [2017/09/23 12:54] – created baumi | simple-iptables-firwall [2017/10/21 18:33] (current) – baumi | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Simple iptables Firewall ====== | ====== Simple iptables Firewall ====== | ||
| - | < | + | <code bash> |
| + | # | ||
| + | |||
| + | # Set default policy | ||
| + | iptables -P INPUT DROP | ||
| + | iptables -P OUTPUT DROP | ||
| + | iptables -P FORWARD DROP | ||
| + | |||
| + | # Flush existing rules | ||
| + | iptables -F -t nat | ||
| + | iptables -F -t mangle | ||
| + | iptables -F -t filter | ||
| + | iptables -X | ||
| + | |||
| + | # Allow localhost traffic | ||
| + | iptables -A INPUT -i lo -j ACCEPT | ||
| + | iptables -A OUTPUT -o lo -j ACCEPT | ||
| + | |||
| + | # Allow related traffic | ||
| + | iptables -A INPUT -m conntrack --state ESTABLISHED -j ACCEPT | ||
| + | iptables -A OUTPUT -m conntrack --state ESTABLISHED -j ACCEPT | ||
| + | |||
| + | # Allow icmp traffic | ||
| + | iptables -A INPUT -p icmp -j ACCEPT | ||
| + | iptables -A OUTPUT -p icmp -j ACCEPT | ||
| + | |||
| + | # Allow outgoing traffic | ||
| + | iptables -A OUTPUT -j ACCEPT | ||
| + | |||
| + | # Log & Drop the rest | ||
| + | iptables -A INPUT -j LOG --log-prefix "INPUT " | ||
| + | iptables -A INPUT -j DROP | ||
| + | iptables -A FORWARD -j DROP | ||
| + | iptables -A FORWARD -j LOG --log-prefix " | ||
| + | |||
| + | # Show ruleset | ||
| + | iptables -L -vnx | ||
| </ | </ | ||
| + | {{tag>kb linux iptables firewall network}} | ||
simple-iptables-firwall.1506164071.txt.gz · Last modified: 2017/09/23 12:54 by baumi