pratyush/arch-conf-install
Archived
1
0
Fork 0
Code Issues 5 Pull Requests Projects 1 Releases Wiki Activity
This repository has been archived on 2022-06-28. You can view files and clone it, but cannot push or open issues or pull requests.
arch-conf-install/services/firewall/iptables/iptablesRules.md

34 lines
1.0 KiB
Markdown
Raw Permalink Normal View History

iptables desktop initial
2022-06-28 13:34:43 +05:30
# IPTABLES
## Introduction
* `iptables` is a systemd service and hence started accordingly.
* `/etc/iptables/iptables.rules` will be applied when you start or enable the `iptables.service`.
* After adding rules via command-line as shown in the following sections, the configuration file is not changed
automatically — you have to save it manually:
```iptables-save -f /etc/iptables/iptables.rules
```
* Listing rules with `iptables -nvL`.
## Basic Rules (Offline setup)
### FORWARD
* First of all, our computer is not a router (unless, of course, it is a router). We want to change the default policy on the FORWARD chain from ACCEPT to DROP
`iptables -P FORWARD DROP`
## INPUT
1. `iptables -A INPUT -i lo -j ACCEPT`
2. `iptables -A INPUT -n conntrack -ctstate ESTABLISHED,RELATED -j ACCEPT`
3. `iptables -A INPUT -n conntrack -ctstate INVALID -j DROP`
iptables rules fix
2022-06-28 13:39:06 +05:30
4. `iptables -A INPUT -p tcp --sport 22 -j ACCEPT`
5. `iptables -A INPUT -j DROP`
iptables desktop initial
2022-06-28 13:34:43 +05:30
## OUTPUT
1. `iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT`
2. `iptables -A OUTPUT -j DROP`
Reference in New Issue Copy Permalink