So, you want to configure a very very secure Linux Firewall using iptables? no probs. Here is how to do it;<\/p>\n
\r\n#!\/bin\/sh\r\n# My system IP\/set ip address of server\r\nSERVER_IP=\"2.2.2.2\"\r\n\r\n# Flushing all rules\r\niptables -F\r\niptables -X\r\n\r\n# Setting default filter policy\r\niptables -P INPUT DROP\r\niptables -P OUTPUT DROP\r\niptables -P FORWARD DROP\r\n\r\n# Allow ALL traffic on loopback\r\niptables -A INPUT -i lo -j ACCEPT\r\niptables -A OUTPUT -o lo -j ACCEPT\r\n \r\n# Allow INCOMING CONNECTIONS ON SSH PORT 22\r\niptables -A INPUT -p tcp -s 0\/0 -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT\r\niptables -A OUTPUT -p tcp -s $SERVER_IP -d 0\/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT\r\n# DROP ALL TRAFFIC COMING IN AND GOING OUT\r\n\r\niptables -A INPUT -j DROP\r\niptables -A OUTPUT -j DROP\r\n<\/pre>\nThis above configuration locks down everything apart from SSH.<\/p>\n
But, most customers want to configure access from their client’s IP address only. I.e. they don’t want SSH to accept connections from any IP address. Only from the client on for example 1.1.1.1. Here’s how to do that:<\/p>\n
\r\n# Allow incoming ssh only from IP 1.1.1.1\r\niptables -A INPUT -p tcp -s 1.1.1.1 -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT\r\niptables -A OUTPUT -p tcp -s $SERVER_IP -d 1.1.1.1 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT\r\n<\/pre>\nCredit goes to; http:\/\/www.cyberciti.biz\/tips\/linux-iptables-4-block-all-incoming-traffic-but-allow-ssh.html<\/p>\n","protected":false},"excerpt":{"rendered":"
So, you want to configure a very very secure Linux Firewall using iptables? no probs. Here is how to do it; #!\/bin\/sh # My system IP\/set ip address of server SERVER_IP=”2.2.2.2″ # Flushing all rules iptables -F iptables -X # … Continue reading