How to configure iptables
BY sandeep.sasikumar
5 years ago
Technical-Solution

iptables is the user-space tool that configures the packet-filtering rules of the Linux kernel's netfilter framework for IPv4; ip6tables does the same for IPv6 and keeps a separate rule set, so nothing below affects IPv6 traffic. Rules are grouped into tables (filter, nat, mangle) made of chains (INPUT, OUTPUT, FORWARD, and for nat PREROUTING and POSTROUTING). A packet is checked against a chain's rules in order, the first matching rule decides, and the chain's policy applies when nothing matches. That ordering is what makes the position of each rule below matter as much as its content.

Delete existing rules in iptables

 iptables -F (or) iptables --flush 

Before entering a new set of rules it is best to start from a known state, and the flush command does that. Note what -F does not do: it only empties the chains of the filter table (use -t nat -F and -t mangle -F for the other tables), it does not remove user-defined chains (that is iptables -X), and it leaves the chain policies as they are. If the INPUT policy is already DROP, flushing over SSH removes the ACCEPT rules and locks you out, so on a remote host set the policies to ACCEPT (iptables -P INPUT ACCEPT, and the same for OUTPUT and FORWARD) before flushing. iptables -S lists the current rules so you can review them before discarding them.

Allow incoming SSH connections

 iptables -A INPUT -i eth1 -p tcp --dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT 
 iptables -A OUTPUT -o eth1 -p tcp --sport 2222 -m state --state ESTABLISHED -j ACCEPT 

These entries accept new and established TCP connections arriving on eth1 for port 2222, and the replies sshd sends from that port. They assume sshd has been moved from the default port 22 to 2222 (Port 2222 in sshd_config); if it still listens on 22, change --dport and --sport to match. The OUTPUT rule only matters when the OUTPUT chain policy is DROP; with the default ACCEPT policy it is redundant. -m state --state is the older spelling of -m conntrack --ctstate and is still accepted.

Allow outgoing SSH connections

 iptables -A OUTPUT -o eth1 -p tcp --dport 2222 -m state --state NEW,ESTABLISHED -j ACCEPT 
 iptables -A INPUT -i eth1 -p tcp --sport 2222 -m state --state ESTABLISHED -j ACCEPT 

These entries let the server open SSH connections to port 2222 on other hosts through eth1 and accept the replies coming back. They are the mirror image of the incoming rules and, again, only do anything if the OUTPUT policy is DROP; the INPUT rule for the replies is already covered by any general ESTABLISHED rule on INPUT.

Allow ping from outside to the server

 iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT 
 iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT 

These entries let outside hosts ping the server: the echo request is accepted on INPUT and the server's echo reply on OUTPUT. No interface is given, so they apply on every interface.

Allow ping from inside to outside

 iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
 iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

These entries let the server ping other hosts: the outgoing echo request and the incoming echo reply are both accepted. Connection tracking follows ICMP echo exchanges as well, so if a rule accepting ESTABLISHED,RELATED traffic is already present on INPUT the echo-reply rule is redundant.

Block a specific IP address

 IPADDRESS_TO_BE_BLOCKED="x.x.x.x"
 iptables -I INPUT 1 -s "$IPADDRESS_TO_BE_BLOCKED" -j DROP 

This entry silently drops every packet from the given address. Two details were wrong in the original and are corrected here: a shell variable assignment must have no spaces around the = sign, and the name used when expanding it must be the same one that was assigned (the original expanded a misspelled IPADRESS_TO_BE_BLOCKED, so the rule would not have been created as intended). The rule is inserted at position 1 with -I rather than appended with -A: iptables stops at the first matching rule, so a DROP appended after the ACCEPT rules above would never be reached for, say, SSH traffic from that host. Use -j REJECT instead of DROP if the sender should receive an ICMP error rather than wait for a timeout.

Allow rsync from a specific network

 iptables -A INPUT -i eth1 -p tcp -s *.*.*.*/24 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT 
 iptables -A OUTPUT -o eth1 -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT 

These entries allow rsync daemon connections (TCP port 873) only from hosts in the source network given in CIDR notation; *.*.*.*/24 stands for a network address and prefix length, here a whole /24 of 256 addresses. rsync run over SSH does not use port 873 and is covered by the SSH rules instead. The -s restriction is what makes this rule safe to add: the rsync daemon protocol is unencrypted and offers at most a simple challenge-response password, so it should never be reachable from arbitrary addresses.

Allow postfix and sendmail

 iptables -A INPUT -i eth1 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT 
 iptables -A OUTPUT -o eth1 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT 

These entries accept inbound SMTP (TCP port 25) on eth1 so the mail transfer agent, whether postfix or sendmail, can receive mail, plus the replies it sends. They do not cover mail submission from clients on port 587 or 465, and the MTA's own outbound deliveries are only allowed if the OUTPUT policy is ACCEPT or a matching outbound rule exists.
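The rules above, assembled into one ordered script. This is an added example, not the article's own script: it places the block rule first, uses one conntrack rule per direction for replies instead of a per-service ESTABLISHED rule, and only sets the DROP policies after every ACCEPT is in place. The interface (eth1), SSH port (2222) and service ports (873, 25) come from the article; the addresses 192.0.2.0/24 and 198.51.100.7 are assumed placeholders from the RFC 5737 documentation ranges standing in for the article's *.*.*.*/24 and x.x.x.x, and the ipt helper, which prints the commands unless the script is run with --apply, is part of this example.

```shell
#!/bin/sh
# Added example, not the article's script: the individual rules above,
# assembled in an order that works. Interface (eth1), SSH port (2222) and
# service ports (873, 25) are the article's; the addresses are assumed
# placeholders from the RFC 5737 documentation ranges, standing in for the
# article's "*.*.*.*/24" and "x.x.x.x". Run with no argument to print the
# rules for review, or as root with --apply to load them.
set -eu

WAN_IF="${WAN_IF:-eth1}"
SSH_PORT="${SSH_PORT:-2222}"
RSYNC_NET="${RSYNC_NET:-192.0.2.0/24}"     # assumed: replace with the real source network
BLOCKED_IP="${BLOCKED_IP:-198.51.100.7}"  # assumed: replace with the host to block
MODE="${1:-dry-run}"                       # "dry-run" prints, "--apply" executes

# Print or execute one iptables command, depending on MODE.
ipt() {
    if [ "$MODE" = "--apply" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

build_rules() {
    # 1. Reset. Policies go to ACCEPT before the flush so that running this
    #    over SSH on a host whose policy is already DROP cannot lock us out.
    ipt -P INPUT ACCEPT
    ipt -P FORWARD ACCEPT
    ipt -P OUTPUT ACCEPT
    ipt -F
    ipt -X
    ipt -t nat -F
    ipt -t nat -X
    ipt -t mangle -F
    ipt -t mangle -X

    # 2. Explicit blocks first: the first matching rule wins, so a DROP placed
    #    after an ACCEPT for the same traffic would never be reached.
    ipt -A INPUT -s "$BLOCKED_IP" -j DROP

    # 3. Loopback, then one conntrack rule per direction for replies. This
    #    replaces the per-service ESTABLISHED rules the article repeats.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP

    # 4. Services: only NEW connections need listing now.
    ipt -A INPUT -i "$WAN_IF" -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    ipt -A OUTPUT -o "$WAN_IF" -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A INPUT -i "$WAN_IF" -p tcp -s "$RSYNC_NET" --dport 873 -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -i "$WAN_IF" -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT

    # 5. Default deny last, once every ACCEPT is in place. OUTPUT stays ACCEPT;
    #    tighten it only after adding every outbound service the host needs
    #    (DNS, NTP, package mirrors, outbound SMTP).
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
}

build_rules
```

With no argument the script prints the commands it would run, which is the form to review before touching a remote host; sh firewall.sh --apply as root loads them. The ordering is the part a single rule typed at the prompt cannot show: block, loopback, conntrack, services, and only then the DROP policies.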

Rate-limit connections to the web server

 iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

This entry is usually presented as DoS protection, but on its own it prevents nothing: -m limit matches packets while the rate stays within 25 per minute (after an initial burst of 100) and accepts them, while packets above the limit simply fail to match and continue down the chain, where the next rule or the chain policy decides. It only has an effect if a rule dropping the same traffic follows it, or if the INPUT policy is DROP. As written it also counts every TCP packet to port 80, including the ACKs of sessions that were already accepted, so a busy but legitimate site would be throttled; matching only connection attempts (--syn, or -m conntrack --ctstate NEW) is the usual fix. Finally, -m limit is a single global bucket: one abusive client exhausts it for everyone, so per-source limiting with -m hashlimit or -m connlimit isolates the attacker better. None of this helps against a volumetric attack that saturates the link in front of the host.
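The corrected form, as an added example rather than the article's code: the article's limit rule matched only on connection attempts and followed by the DROP it needs, and a per-source variant beside it. Port 80 and the 25/minute, burst 100 figures are the article's; the hashlimit bucket name, the connlimit threshold of 50 and the ipt helper (which prints unless run with --apply) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article: rate limiting that actually drops the
# excess. Port 80 and the 25/minute, burst 100 figures are the article's; the
# hashlimit and connlimit figures and the ipt helper (prints unless --apply)
# are assumptions of this example.
set -eu

HTTP_PORT="${HTTP_PORT:-80}"
MODE="${1:-dry-run}"

ipt() {
    if [ "$MODE" = "--apply" ]; then iptables "$@"; else printf 'iptables %s\n' "$*"; fi
}

# Global bucket: accept up to 25 new connections a minute (burst 100), then
# drop the rest. --syn restricts the match to connection attempts so packets
# of already-accepted sessions are not counted. The DROP is what the
# article's version lacks; without it the excess falls through to the next
# rule or the chain policy.
ratelimit_rules() {
    ipt -A INPUT -p tcp --syn --dport "$HTTP_PORT" -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
    ipt -A INPUT -p tcp --syn --dport "$HTTP_PORT" -j DROP
}

# Per-source variant: one bucket per client address, so a single abusive
# source is throttled without starving everyone else, plus a cap on
# concurrent connections from any one /32.
per_source_rules() {
    ipt -A INPUT -p tcp --syn --dport "$HTTP_PORT" -m hashlimit --hashlimit-name http-syn --hashlimit-mode srcip --hashlimit-above 25/minute --hashlimit-burst 100 -j DROP
    ipt -A INPUT -p tcp --syn --dport "$HTTP_PORT" -m connlimit --connlimit-above 50 --connlimit-mask 32 -j DROP
}

ratelimit_rules
per_source_rules
```

Pick one of the two functions for a real host rather than loading both; the per-source rules are the better default for a public web server, since the global bucket lets one client deny service to the rest exactly as the rule was meant to prevent. After loading, iptables -L INPUT -n -v shows the packet counters on the DROP rules, which is the quickest way to see whether the limits are being hit.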

Allow port forwarding

 iptables -t nat -A PREROUTING -p tcp -d *.*.*.* --dport 537 -j DNAT --to *.*.*.*:22 

This entry rewrites the destination of TCP packets arriving for *.*.*.* on port 537 to port 22 before they are routed, so a client connecting to port 537 ends up talking to sshd on port 22. DNAT happens in the nat table's PREROUTING chain, before the filter table sees the packet, so the INPUT rule that allows this traffic must match --dport 22, not 537. Port 22 is not closed by this rule; whether direct connections to 22 are accepted is still decided by the filter rules. If the address after --to is another host rather than this one, the packets are forwarded instead of delivered locally: net.ipv4.ip_forward must be set to 1, the FORWARD chain must accept them, and the replies must come back through this host (or the forwarded packets must be SNATed) for the translation to be undone.
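Both cases the single DNAT line above covers, written out, as an added example that is not the article's own code: redirecting port 537 to sshd on this host, and forwarding it to another machine with the forwarding switch, FORWARD rule and optional SNAT that case needs. Port 537 and eth1 are the article's; the addresses 203.0.113.10 and 192.0.2.22 are assumed RFC 5737 documentation values standing in for the article's *.*.*.*, and the ipt and sysc helpers (which print unless run with --apply) belong to this example.

```shell
#!/bin/sh
# Added example, not the article's: port forwarding done completely, for the
# two cases the article's one DNAT line conflates. Addresses are assumed
# RFC 5737 documentation values; port 537 and eth1 are the article's.
set -eu

WAN_IF="${WAN_IF:-eth1}"
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # assumed: the address clients connect to
FRONT_PORT="${FRONT_PORT:-537}"
BACKEND_IP="${BACKEND_IP:-192.0.2.22}"   # assumed: internal host running sshd (case b)
MODE="${1:-dry-run}"                     # "dry-run" prints, "--apply" executes

ipt()  { if [ "$MODE" = "--apply" ]; then iptables "$@"; else printf 'iptables %s\n' "$*"; fi; }
sysc() { if [ "$MODE" = "--apply" ]; then sysctl -w "$@"; else printf 'sysctl -w %s\n' "$*"; fi; }

# Case (a): sshd on this host. DNAT runs in PREROUTING, so by the time the
# filter INPUT chain sees the packet its destination port is already 22;
# the INPUT rule therefore allows 22, not 537.
local_redirect() {
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$PUBLIC_IP" --dport "$FRONT_PORT" -j DNAT --to-destination "$PUBLIC_IP:22"
    ipt -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
}

# Case (b): sshd on another host. The packets are now routed, not delivered
# locally, so they traverse FORWARD instead of INPUT, and the kernel must be
# allowed to forward at all. Replies are un-DNATed by conntrack as long as
# they come back through this host.
forward_to_backend() {
    sysc net.ipv4.ip_forward=1
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$PUBLIC_IP" --dport "$FRONT_PORT" -j DNAT --to-destination "$BACKEND_IP:22"
    ipt -A FORWARD -i "$WAN_IF" -p tcp -d "$BACKEND_IP" --dport 22 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -o "$WAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only when the backend's default route does not point back here: rewrite
    # the source too, so its replies return via this host. The cost is that
    # the backend then logs this host's address instead of the real client.
    if [ "${SNAT_TO_BACKEND:-0}" = 1 ]; then
        ipt -t nat -A POSTROUTING -p tcp -d "$BACKEND_IP" --dport 22 -j MASQUERADE
    fi
}

case "${FORWARD_CASE:-local}" in
    local)   local_redirect ;;
    backend) forward_to_backend ;;
    *)       echo "FORWARD_CASE must be local or backend" >&2; exit 2 ;;
esac
```

FORWARD_CASE=backend sh forward.sh prints the second variant; add SNAT_TO_BACKEND=1 only when the backend routes its replies elsewhere. After applying, iptables -t nat -L PREROUTING -n -v --line-numbers shows whether the DNAT rule is matching, and conntrack -L (from the conntrack-tools package) shows the translated flow.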

These are some of the most commonly needed iptables rules. Rules entered this way live only in the running kernel: review the full set with iptables -S (or iptables -L -n -v --line-numbers to see counters and positions) and save it with iptables-save, or through the distribution's persistence service, so it survives a reboot.

