Wiki

User Tools

Site Tools

Trace:
iptables:basic_firewall

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
iptables:basic_firewall [2016/10/20 19:04] peteriptables:basic_firewall [2019/11/29 16:38] (current) – removed peter
Line 1: Line 1:
-====== IPTables - Basic Firewall ====== 
- 
-===== Verify the IPTables package is installed ===== 
- 
-<code bash> 
-dpkg --list | grep iptables 
-</code> 
- 
-Returns 
- 
-<code> 
-ii  iptables                            1.6.0-2ubuntu3                      amd64        administration tools for packet filtering and NAT 
-</code> 
- 
- 
-===== Verify the Kernel Module is loaded ===== 
- 
-<code bash> 
-lsmod | grep ip_tables 
-</code> 
- 
-Returns 
- 
-<code> 
-ip_tables              24576  4 iptable_filter,iptable_mangle,iptable_nat,iptable_raw 
-</code> 
- 
- 
- 
-===== Creating iptables rules ===== 
- 
-<code bash> 
-iptables -P INPUT DROP 
-iptables -P OUTPUT DROP 
- 
-# Allowing Loopback Traffic. 
-iptables -I INPUT -i lo -j ACCEPT 
- 
-# Allow established connections. 
-iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 
- 
-# Allow SSH in. 
-# iptables -I INPUT -p tcp --dport 22 -j ACCEPT 
-iptables -A INPUT -p tcp --dport 22 -s 192.168.1.2 -j ACCEPT 
- 
-# iptables -A INPUT -p tcp --dport 80 -j ACCEPT 
-# iptables -A INPUT -p tcp --dport 443 -j ACCEPT 
- 
-# Loading the ip_conntrack_ftp module 
- 
-# iptables -A INPUT -p tcp --dport 21 -j ACCEPT 
-# iptables -A INPUT -p tcp --dport 20 -j ACCEPT 
- 
- 
- 
-</code> 
- 
- 
-===== Enable kernel modules ===== 
- 
-To have FTP work correctly with iptables, ensure that the **ip_conntrack_ftp** module is loaded. 
- 
-<code bash> 
-modprobe ip_conntrack_ftp 
-</code> 
- 
-Check that the module is loaded 
- 
-<code bash> 
-lsmod | grep conntrack 
-</code> 
- 
-Returns 
- 
-<code> 
-nf_conntrack_ftp       20480  1 nf_nat_ftp 
-nf_conntrack_ipv4      16384  84 
-nf_defrag_ipv4         16384  1 nf_conntrack_ipv4 
-xt_conntrack           16384  81 
-nf_conntrack          106496  9 nf_nat_ftp,nf_nat,xt_state,xt_connlimit,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ftp,nf_conntrack_ipv4 
-x_tables               36864  25 xt_pkttype,ip6table_filter,ip6table_mangle,xt_length,xt_comment,xt_CHECKSUM,xt_recent,ip_tables,xt_tcpudp,xt_string,ipt_MASQUERADE,xt_limit,xt_state,xt_connlimit,xt_conntrack,xt_LOG,xt_nat,xt_multiport,iptable_filter,ebtables,ipt_REJECT,iptable_mangle,ip6_tables,xt_addrtype,iptable_raw 
-</code> 
  
iptables/basic_firewall.1476990250.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki