iptables:implement_a_basic_firewall
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| iptables:implement_a_basic_firewall [2016/10/07 23:22] – peter | iptables:implement_a_basic_firewall [2019/11/29 17:37] (current) – removed peter | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== IPTables - Implement a basic firewall ====== | ||
| - | |||
| - | ===== Create the firewall reset script ===== | ||
| - | |||
| - | This scripts completely clears the firewall, and changes all policies to ACCEPT so that the system is complete opened up. | ||
| - | |||
| - | Issue the following command: | ||
| - | |||
| - | <code bash> | ||
| - | sudo vi / | ||
| - | </ | ||
| - | |||
| - | …add the following content to the file: | ||
| - | |||
| - | <file bash / | ||
| - | #!/bin/bash | ||
| - | # | ||
| - | # Resets all firewall rules | ||
| - | echo " | ||
| - | # | ||
| - | # Modify the following settings as required: | ||
| - | # | ||
| - | IPTABLES=/ | ||
| - | # | ||
| - | # Reset the default policies in the filter table. | ||
| - | # | ||
| - | $IPTABLES -P INPUT ACCEPT | ||
| - | $IPTABLES -P FORWARD ACCEPT | ||
| - | $IPTABLES -P OUTPUT ACCEPT | ||
| - | # | ||
| - | # Reset the default policies in the nat table. | ||
| - | # | ||
| - | $IPTABLES -t nat -P PREROUTING ACCEPT | ||
| - | $IPTABLES -t nat -P POSTROUTING ACCEPT | ||
| - | $IPTABLES -t nat -P OUTPUT ACCEPT | ||
| - | # | ||
| - | # Reset the default policies in the mangle table. | ||
| - | # | ||
| - | $IPTABLES -t mangle -P PREROUTING ACCEPT | ||
| - | $IPTABLES -t mangle -P POSTROUTING ACCEPT | ||
| - | $IPTABLES -t mangle -P INPUT ACCEPT | ||
| - | $IPTABLES -t mangle -P OUTPUT ACCEPT | ||
| - | $IPTABLES -t mangle -P FORWARD ACCEPT | ||
| - | # | ||
| - | # Flush all the rules in the filter, nat and mangle tables. | ||
| - | # | ||
| - | $IPTABLES -F | ||
| - | $IPTABLES -t nat -F | ||
| - | $IPTABLES -t mangle -F | ||
| - | # | ||
| - | # Erase all chains that are not default in filter, nat and mangle tables. | ||
| - | # | ||
| - | $IPTABLES -X | ||
| - | $IPTABLES -t nat -X | ||
| - | $IPTABLES -t mangle -X | ||
| - | </ | ||
| - | |||
| - | |||
| - | ===== Setup a failsafe when initially setting up the firewall ===== | ||
| - | |||
| - | Prevent being locked out with IP table changes. | ||
| - | |||
| - | Issue the following command: | ||
| - | |||
| - | <code bash> | ||
| - | sudo vi / | ||
| - | </ | ||
| - | |||
| - | …add the following content to the file: | ||
| - | |||
| - | <file cron / | ||
| - | 0, | ||
| - | </ | ||
iptables/implement_a_basic_firewall.1475882528.txt.gz · Last modified: 2020/07/15 09:30 (external edit)