IPTables - Implement a basic firewall

Create the firewall reset script

This script completely clears the firewall and changes all policies to ACCEPT, so that the system is completely opened up.

Issue the following command:

sudo vi /sharewiz/firewall/firewall-reset.sh

…add the following content to the file:

/sharewiz/firewall/firewall-reset.sh
#!/bin/bash
#
# Resets all firewall rules
echo "Stopping firewall and allowing everyone..."
#
# Modify the following settings as required:
#
IPTABLES=/sbin/iptables
#
# Reset the default policies in the filter table.
#
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
#
# Reset the default policies in the nat table.
#
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
#
# Reset the default policies in the mangle table.
#
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P POSTROUTING ACCEPT
$IPTABLES -t mangle -P INPUT ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
$IPTABLES -t mangle -P FORWARD ACCEPT
#
# Flush all the rules in the filter, nat and mangle tables.
#
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
#
# Erase all chains that are not default in filter, nat and mangle tables.
#
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X
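A check for the state the reset script should leave behind, added here as an example and not part of the original page: it parses iptables-save output (a constructed sample is embedded; pipe in `sudo iptables-save` for the real thing) and reports any built-in chain whose policy is not ACCEPT, any leftover rule, and any surviving user-defined chain across all tables.

```bash
#!/bin/bash
# Added example, not part of the original wiki page.
# Reads iptables-save format on stdin and verifies the "fully open" state the
# reset script aims for. Real use:  sudo iptables-save | check_open_ruleset
check_open_ruleset() {
    # Prints one line per problem found; returns 1 if any, 0 if fully open.
    local rc=0 line name policy
    while IFS= read -r line; do
        case "$line" in
            '#'*|'*'*|COMMIT|'') ;;              # comments, "*table" headers, COMMIT
            :*)                                  # chain line: ":NAME POLICY [pkts:bytes]"
                name=${line%% *}; name=${name#:}
                policy=${line#* }; policy=${policy%% *}
                if [ "$policy" = "-" ]; then     # "-" marks a user-defined chain
                    echo "user-defined chain still present: $name"; rc=1
                elif [ "$policy" != "ACCEPT" ]; then
                    echo "chain $name policy is $policy, expected ACCEPT"; rc=1
                fi ;;
            -[AI]*)                              # any rule left behind
                echo "rule still present: $line"; rc=1 ;;
            *)  echo "unexpected line: $line"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a reset that did NOT fully take (one DROP policy,
# one user chain and one rule survived).
SAMPLE_DIRTY='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:SSHGUARD - [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample: the state the reset script is expected to produce.
SAMPLE_CLEAN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Self-check on the constructed sample (exit status 1 = not fully open):
#   printf '%s\n' "$SAMPLE_DIRTY" | check_open_ruleset
```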

Set up a failsafe when initially setting up the firewall

Prevent being locked out by iptables changes. The cron job below runs the reset script every ten minutes, so a mistaken rule that cuts off your own session is undone within at most ten minutes; remove the cron job once the final rule set has been tested.

Issue the following command:

sudo vi /etc/cron.d/firewall-reset-sharewiz

…add the following content to the file:

/etc/cron.d/firewall-reset-sharewiz
0,10,20,30,40,50 * * * * root /sharewiz/firewall/firewall-reset.sh

Make the firewall reset cron job executable

Issue the following command:

sudo chmod 755 /etc/cron.d/firewall-reset-sharewiz
iptables/implement_a_basic_firewall.1475882625.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
