iptables rules fix

iptables desktop initial
2022-06-28 13:39:06 +05:30 · 2022-06-28 13:34:43 +05:30
3 changed files with 33 additions and 0 deletions
--- a/services/firewall/iptables/iptables.rules
+++ b/services/firewall/iptables/iptables.rules
--- a/services/firewall/iptables/iptablesRules.md
+++ b/services/firewall/iptables/iptablesRules.md
@ -0,0 +1,33 @@
+# IPTABLES
+
+## Introduction
+
+* `iptables` is a systemd service and hence started accordingly.
+* `/etc/iptables/iptables.rules` will be applied when you start or enable the `iptables.service`.
+* After adding rules via command-line as shown in the following sections, the configuration file is not changed
+  automatically — you have to save it manually:
+
+  ```iptables-save -f /etc/iptables/iptables.rules
+  ```
+
+* Listing rules with `iptables -nvL`.
+
+## Basic Rules (Offline setup)
+
+### FORWARD
+
+* First of all, our computer is not a router (unless, of course, it is a router). We want to change the default policy on the FORWARD chain from ACCEPT to DROP
+ `iptables -P FORWARD DROP`
+
+## INPUT
+
+1. `iptables -A INPUT -i lo -j ACCEPT`
+2. `iptables -A INPUT -n conntrack -ctstate ESTABLISHED,RELATED -j ACCEPT`
+3. `iptables -A INPUT -n conntrack -ctstate INVALID -j DROP`
+4. `iptables -A INPUT -p tcp --sport 22 -j ACCEPT`
+5. `iptables -A INPUT -j DROP`
+
+## OUTPUT
+
+1. `iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT`
+2. `iptables -A OUTPUT -j DROP`
--- a/services/firewall/nftables/nft.conf
+++ b/services/firewall/nftables/nft.conf
Author	SHA1	Message	Date
Pratyush Desai	fe52c6b8a5	iptables rules fix	2022-06-28 13:39:06 +05:30
Pratyush Desai	88f2a9eb8a	iptables desktop initial	2022-06-28 13:34:43 +05:30