iptables examples

From SHellium Wiki


Here is how to build a small firewall for a workstation. It can be extended according to the services running on the system and the level of security you want.

I recommend creating the script as /etc/init.d/firewall and giving it execute permissions:

touch /etc/init.d/firewall

chmod 755 /etc/init.d/firewall

Then add the script to the runlevels in which the system can start. On Debian:

update-rc.d firewall start 00 2 3 4 5 .

Once this is done you can edit the firewall script. Below is an example for a system that runs a web server and SSH: the INPUT and FORWARD policies are DROP, port 22 is allowed from anywhere (the internet), and port 80 (our web server) is allowed only from $lan. The OUTPUT policy is ACCEPT.

#!/bin/bash

# FTP helper modules so FTP data connections are tracked as RELATED.
# On current kernels these modules are named nf_conntrack_ftp and nf_nat_ftp.
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# var

iptables='/sbin/iptables'
internet='0/0'
lan='200.1.2.0/24'
dev='eth0'

# flush all rules and delete user-defined chains in every table
$iptables -F
$iptables -F -t nat
$iptables -F -t mangle

$iptables -X
$iptables -X -t nat
$iptables -X -t mangle

# policy: drop anything not explicitly accepted on INPUT and FORWARD

$iptables -P INPUT DROP
$iptables -P OUTPUT ACCEPT
$iptables -P FORWARD DROP

# lan_to_host: services the LAN may reach on this host (only the web server);
# anything else returns to INPUT and ends at the LOG/REJECT rules below

$iptables -N lan_to_host
$iptables -A lan_to_host -p tcp --dport 80 -j ACCEPT

# INPUT

$iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT   # replies to our own connections
$iptables -A INPUT -p icmp -j ACCEPT
$iptables -A INPUT -i lo -j ACCEPT
$iptables -A INPUT -p tcp --dport 22 -j ACCEPT                      # ssh from anywhere
$iptables -A INPUT -i $dev -s $lan -j lan_to_host                   # LAN hosts get the lan_to_host services
$iptables -A INPUT -j LOG --log-prefix 'REJECT INPUT: '             # log, then reject, everything else
$iptables -A INPUT -j REJECT
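As an added example (not from the original page), a small POSIX shell audit that checks an iptables-save dump for the properties the script above is meant to guarantee: DROP policies on INPUT and FORWARD, the RELATED,ESTABLISHED rule, loopback accepted, port 80 reachable only through the LAN-restricted lan_to_host chain, and a LOG rule before the final REJECT. write_sample() writes a constructed dump matching the script; audit_ruleset() is a hypothetical helper.

```shell
# Added example, not from the original page. write_sample() produces a constructed
# iptables-save dump equivalent to the script above; audit_ruleset() is hypothetical.

# Write a constructed iptables-save dump of the ruleset above to file $1.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:lan_to_host - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 200.1.2.0/24 -i eth0 -j lan_to_host
-A INPUT -j LOG --log-prefix "REJECT INPUT: "
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A lan_to_host -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# audit_ruleset FILE: return 0 if every check passes, 1 otherwise (one line per failure).
audit_ruleset() {
    dump="$1"; rc=0
    # 1. Default policy for INPUT and FORWARD must be DROP.
    for chain in INPUT FORWARD; do
        grep -q "^:$chain DROP " "$dump" || { echo "FAIL: $chain policy is not DROP"; rc=1; }
    done
    # 2. Replies to our own connections must be accepted (state or conntrack match).
    grep -qE '^-A INPUT .*--(state|ctstate) [A-Z,]*ESTABLISHED.* -j ACCEPT' "$dump" \
        || { echo "FAIL: no RELATED,ESTABLISHED accept in INPUT"; rc=1; }
    # 3. Loopback must be accepted.
    grep -q '^-A INPUT -i lo -j ACCEPT' "$dump" || { echo "FAIL: loopback not accepted"; rc=1; }
    # 4. Port 80 must be reachable only via lan_to_host, entered for a source subnet only.
    grep -q '^-A INPUT .*--dport 80 .*-j ACCEPT' "$dump" \
        && { echo "FAIL: port 80 accepted directly in INPUT"; rc=1; }
    grep -qE '^-A INPUT .*-s [0-9./]+ .*-j lan_to_host' "$dump" \
        || { echo "FAIL: lan_to_host jump is not limited to a source subnet"; rc=1; }
    # 5. INPUT must end with a LOG rule followed by the final REJECT/DROP.
    last=$(grep '^-A INPUT ' "$dump" | tail -n 2 | tr '\n' '|')
    case "$last" in
        *"-j LOG"*"|-A INPUT -j REJECT"*|*"-j LOG"*"|-A INPUT -j DROP"*) ;;
        *) echo "FAIL: INPUT does not end with LOG then REJECT/DROP"; rc=1 ;;
    esac
    return $rc
}
```

On a real host, run the firewall script and then `iptables-save > /tmp/rules && audit_ruleset /tmp/rules` to confirm the loaded ruleset matches what was intended.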