iptables desktop initial
This commit is contained in:
parent
c7de666582
commit
88f2a9eb8a
33
services/firewall/iptables/iptablesRules.md
Normal file
@ -0,0 +1,33 @@
# IPTABLES
## Introduction
* `iptables` is a systemd service and hence started accordingly.
* `/etc/iptables/iptables.rules` will be applied when you start or enable the `iptables.service`.
* After adding rules via command-line as shown in the following sections, the configuration file is not changed
automatically — you have to save it manually:
```iptables-save -f /etc/iptables/iptables.rules
```
* Listing rules with `iptables -nvL`.
## Basic Rules (Offline setup)
### FORWARD
* First of all, our computer is not a router (unless, of course, it is a router). We want to change the default policy on the FORWARD chain from ACCEPT to DROP
`iptables -P FORWARD DROP`
## INPUT
1. `iptables -A INPUT -i lo -j ACCEPT`
2. `iptables -A INPUT -n conntrack -ctstate ESTABLISHED,RELATED -j ACCEPT`
3. `iptables -A INPUT -n conntrack -ctstate INVALID -j DROP`
4. `iptables -A INPUT -j DROP`
5. `iptables -A INPUT -p tcp --dport ssh -j ACCEPT`
## OUTPUT
1. `iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT`
2. `iptables -A OUTPUT -j DROP`
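Review bot: the INPUT chain as listed never reaches step 5, because step 4 `iptables -A INPUT -j DROP` is appended before `iptables -A INPUT -p tcp --dport ssh -j ACCEPT` and iptables evaluates rules in order, so SSH is dropped; either append the catch-all DROP after the ACCEPT rules or replace it with a default policy (`iptables -P INPUT DROP`), as the FORWARD section already does. Steps 2 and 3 are also rejected by iptables as written: the match extension flag is `-m conntrack`, not `-n conntrack`, and the state option is `--ctstate` with two dashes. The OUTPUT section has the same ordering problem in a sharper form: with only `--sport 22` accepted before `iptables -A OUTPUT -j DROP`, loopback traffic, DNS lookups and every outbound connection the desktop itself initiates are blocked, so it needs at least an `-o lo -j ACCEPT` rule and a conntrack ESTABLISHED,RELATED rule, or a sentence stating that fully restricted outbound traffic is intended. Minor: the heading levels are inconsistent (`### FORWARD` under `## Basic Rules`, but `## INPUT` and `## OUTPUT`), and the code fence for the `iptables-save -f /etc/iptables/iptables.rules` example opens on the same line as the command, so it will not render as a code block.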
0
services/firewall/nftables/nft.conf
Normal file