VPS Setup Part 2 – Configure iptables

This is part two of our series on configuring.

Step Two – Configure iptables

Backup present rules (the redirect must also run as root, so wrap the whole command in sudo)

sudo sh -c 'iptables-save > /etc/iptables.up.rules'

Create Filter

Allows all loopback (lo0) traffic and drops all traffic to 127/8 that doesn’t use lo0

sudo iptables -A INPUT -i lo -j ACCEPT

sudo iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

Accepts all established and related inbound connections

sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Allows all outbound traffic

sudo iptables -A OUTPUT -j ACCEPT

Allows HTTP and HTTPS connections from anywhere

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Allows SSH connections (on port 1999)

sudo iptables -A INPUT -p tcp -m state --state NEW --dport 1999 -j ACCEPT

Allow ping

sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

Log iptables denied calls

sudo iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Drop all other inbound and forwarded traffic – default deny unless explicitly allowed

sudo iptables -A INPUT -j DROP

sudo iptables -A FORWARD -j DROP

Save Rules (again as root, since the redirect writes to /etc)

sudo sh -c 'iptables-save > /etc/iptables.up.rules'

Configure Network to Load Rules Automatically

Edit network interface to load rules automatically

sudo nano /etc/network/interfaces

Add the line

pre-up iptables-restore < /etc/iptables.up.rules

directly after the line iface lo inet loopback
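The procedure above hands a rules file to iptables-restore on every boot, so a typo in that file, or a DROP that lands before the SSH rule, locks you out of a remote box. The script below is an added example, not part of the original post: it checks that an ACCEPT for the SSH port comes before the catch-all DROP, parse-checks the file with iptables-restore --test, and schedules an automatic rollback unless the operator confirms. It assumes the post's SSH port (1999) and rules path (/etc/iptables.up.rules), both passed as arguments; the sample rules file it writes is constructed to mirror the post's ruleset.

```shell
# Added example (not from the original post). Assumes the SSH port and the
# rules/backup paths are passed in as arguments; nothing here is hard-coded.

# Write a constructed iptables-save dump mirroring the post's ruleset to $1.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1999 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

# Exit 0 only if an INPUT ACCEPT for tcp dport $2 appears in $1 before the
# first catch-all INPUT DROP/REJECT; rule order is what keeps SSH reachable.
ssh_rule_precedes_drop() {
    awk -v port="$2" '
        /^-A INPUT .*-p tcp .*-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport" && $(i+1) == port) ok = 1
        }
        /^-A INPUT -j (DROP|REJECT)$/ { exit (ok ? 0 : 1) }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Parse-check $1, back up the live rules to $2, apply $1, and roll back to $2
# after 60s unless the operator confirms; nohup keeps the rollback alive even
# if the new rules cut off the SSH session that started it.
load_rules_safely() {
    rules="$1"; backup="$2"; port="$3"
    ssh_rule_precedes_drop "$rules" "$port" || { echo "no SSH accept before DROP" >&2; return 1; }
    iptables-restore --test < "$rules" || return 1
    iptables-save > "$backup" || return 1
    nohup sh -c "sleep 60 && iptables-restore < '$backup'" >/dev/null 2>&1 & rollback=$!
    iptables-restore < "$rules"
    printf 'Rules applied; press Enter within 60s to keep them: '
    read -r _ && kill "$rollback" 2>/dev/null && echo "kept"
}
```

Run as root, e.g. `load_rules_safely /etc/iptables.up.rules /root/iptables.backup 1999`; only the order check and the constructed sample file run without iptables installed.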

Part 3

Tomorrow, we look at installing OpenSSH. Don’t forget to read the first post if you missed it.
