iptables desktop initial

Pratyush Desai 2022-06-28 13:34:43 +05:30
parent c7de666582
commit 88f2a9eb8a
Signed by: pratyush
GPG Key ID: DBA5BB7505946FAD
3 changed files with 33 additions and 0 deletions


@ -0,0 +1,33 @@
# IPTABLES
## Introduction
* `iptables` is a systemd service and hence started accordingly.
* `/etc/iptables/iptables.rules` will be applied when you start or enable the `iptables.service`.
* After adding rules via command-line as shown in the following sections, the configuration file is not changed
automatically — you have to save it manually:
```iptables-save -f /etc/iptables/iptables.rules
```
* Listing rules with `iptables -nvL`.
## Basic Rules (Offline setup)
### FORWARD
* First of all, our computer is not a router (unless, of course, it is a router). We want to change the default policy on the FORWARD chain from ACCEPT to DROP
`iptables -P FORWARD DROP`
## INPUT
1. `iptables -A INPUT -i lo -j ACCEPT`
2. `iptables -A INPUT -n conntrack -ctstate ESTABLISHED,RELATED -j ACCEPT`
3. `iptables -A INPUT -n conntrack -ctstate INVALID -j DROP`
4. `iptables -A INPUT -j DROP`
5. `iptables -A INPUT -p tcp --dport ssh -j ACCEPT`
## OUTPUT
1. `iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT`
2. `iptables -A OUTPUT -j DROP`
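Review bot: INPUT rules 4 and 5 are in the wrong order: `iptables -A INPUT -j DROP` is appended before `iptables -A INPUT -p tcp --dport ssh -j ACCEPT`, so the SSH accept rule sits below a catch-all drop and is never reached; move the catch-all `-j DROP` to the end of the chain (or set `iptables -P INPUT DROP` as the policy and omit it). The two conntrack rules in INPUT use the wrong flags: `-n` is the numeric-output option, not the match-module selector, and `--ctstate` takes two dashes, so iptables will reject these commands as written; they should read `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` and `-m conntrack --ctstate INVALID -j DROP`. In OUTPUT there is no loopback accept and no ESTABLISHED,RELATED rule before the final drop, so replies on `lo` and every outbound connection other than SSH server responses (source port 22) are dropped; if that is the intended "offline" behaviour the text should say so, otherwise add `-o lo -j ACCEPT` and a conntrack accept ahead of the drop. Minor: the save command is placed on the opening fence line instead of inside the fenced block, and the `## INPUT` and `## OUTPUT` headings should be `###` to match `### FORWARD` under `## Basic Rules`.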
