Difference between revisions of "Iptables"


Revision as of 17:42, 22 September 2018

Manage firewall rules.

On Debian the rules are stored in:

/etc/iptables/rules.v4
/etc/iptables/rules.v6

Pretty strict rules for an IPv4 web server are configured like this:

cat /etc/iptables/rules.v4
*filter
:INPUT DROP -4 [0:0]
:FORWARD DROP -4 [0:0]
:OUTPUT ACCEPT -4 [0:0]
-A INPUT -4 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -4 -p icmp -j ACCEPT
-A INPUT -4 -i lo -j ACCEPT
-A INPUT -4 -p tcp -m conntrack --ctstate NEW -m tcp -s 192.168.2.0/24 --dport 22 -j ACCEPT
-A INPUT -4 -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -4 -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j ACCEPT
COMMIT

cat /etc/iptables/rules.v6
*filter
:INPUT DROP -6 [0:0]
:FORWARD DROP -6 [0:0]
:OUTPUT DROP -6 [0:0]
-A INPUT -6 -i lo -j ACCEPT
-A OUTPUT -6 -o lo -j ACCEPT
COMMIT

Loading them results in:

iptables -nvL
Chain INPUT (policy DROP 100 packets, 27924 bytes)
 pkts bytes target     prot opt in     out     source               destination         
19748 1436K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
   25  1800 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   84  5040 ACCEPT     tcp  --  *      *       192.168.2.0/24       0.0.0.0/0            ctstate NEW tcp dpt:22
    2    92 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:80
    9   540 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:443

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 35665 packets, 49M bytes)
 pkts bytes target     prot opt in     out     source               destination        

ip6tables -nvL
Chain INPUT (policy DROP 14 packets, 2902 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   13  2476 ACCEPT     all      lo     *       ::/0                 ::/0                

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 16 packets, 2134 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   13  2476 ACCEPT     all      *      lo      ::/0                 ::/0
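A small lint for files in the iptables-save format shown above, added here as an example and not part of the wiki page. The authoritative syntax check is "iptables-restore --test < FILE" run as root, which parses and builds the ruleset without committing it; the script below needs neither root nor netfilter, so it can run in CI before a file is copied to /etc/iptables. It checks the invariants the page's rules.v4 relies on: an INPUT policy of DROP, a loopback accept, a conntrack RELATED,ESTABLISHED accept that precedes every "--ctstate NEW" rule, a COMMIT at the end of the table, and it warns when SSH is accepted without a source restriction or a chain line carries something other than "[pkts:bytes]" counters. The sample files it writes are constructed for the demo; the function name lint_rules and the temporary paths are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the wiki page): lint a file in iptables-save format
# for the properties the page's web-server ruleset depends on.

# lint_rules FILE  -> prints findings; exit 0 when the file passes, 1 otherwise.
lint_rules() {
    awk '
    BEGIN { bad = 0 }
    /^#/ || /^[ \t]*$/ { next }                      # comments and blank lines
    /^\*/ { table = substr($1, 2); commit = 0; next }  # "*filter": start of a table
    /^:/ {                                           # ":CHAIN POLICY [pkts:bytes]"
        chain = substr($1, 2)
        if ($2 != "-" && $3 !~ /^\[[0-9]+:[0-9]+\]$/)
            print "WARN: nonstandard chain line (counters are not [pkts:bytes]): " $0
        if (chain == "INPUT" && $2 != "DROP") {
            print "ERROR: INPUT policy is " $2 ", expected DROP"; bad = 1
        }
        next
    }
    /^COMMIT$/ { commit = 1; next }
    /^-A INPUT / {
        if ($0 ~ / -i lo /) lo = 1
        if ($0 ~ /--ctstate RELATED,ESTABLISHED/) est = 1
        if ($0 ~ /--ctstate NEW/ && !est) {
            print "ERROR: NEW-connection rule precedes the RELATED,ESTABLISHED rule: " $0; bad = 1
        }
        if ($0 ~ /--dport 22 / && $0 !~ / -s /)
            print "WARN: SSH (dport 22) accepted from any source: " $0
        next
    }
    /^-A / { next }                                  # rules for other chains: not checked here
    { print "ERROR: unrecognised line: " $0; bad = 1 }
    END {
        if (!commit) { print "ERROR: table " table " is not terminated by COMMIT"; bad = 1 }
        if (!lo)     { print "ERROR: no rule accepting loopback (-i lo) on INPUT"; bad = 1 }
        if (!est)    { print "ERROR: no conntrack RELATED,ESTABLISHED accept on INPUT"; bad = 1 }
        exit bad
    }' "$1"
}

# write_samples DIR -> writes two constructed files into DIR for the demo.
write_samples() {
    # rules.v4: the page-style IPv4 web-server ruleset with standard chain lines.
    cat > "$1/rules.v4" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -4 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -4 -p icmp -j ACCEPT
-A INPUT -4 -i lo -j ACCEPT
-A INPUT -4 -p tcp -m conntrack --ctstate NEW -m tcp -s 192.168.2.0/24 --dport 22 -j ACCEPT
-A INPUT -4 -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -4 -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
    # rules.bad: constructed mistakes - INPUT policy ACCEPT, SSH open to any source,
    # the RELATED,ESTABLISHED rule placed after a NEW rule, and no COMMIT.
    cat > "$1/rules.bad" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "== rules.v4 =="; lint_rules "$demo_dir/rules.v4" && echo "PASS"
echo "== rules.bad =="; lint_rules "$demo_dir/rules.bad" || echo "FAIL (exit $?)"
```

Run it against the real files with "lint_rules /etc/iptables/rules.v4". It is a consistency check, not a policy review: the rules.v6 file on this page passes the loopback check but drops every ICMPv6 packet in both directions, which on a host that actually uses IPv6 disables neighbor discovery and path MTU discovery, so a separate decision is needed there.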