This repository has been archived on 2022-06-28. You can view files and clone it, but cannot push or open issues or pull requests.
arch-conf-install/services/firewall/iptables/iptablesRules.md

IPTABLES

Introduction

  • iptables is managed as a systemd service (iptables.service), so it is started and enabled with systemctl like any other unit.

  • /etc/iptables/iptables.rules will be applied when you start or enable the iptables.service.

  • After adding rules via command-line as shown in the following sections, the configuration file is not changed automatically — you have to save it manually:

    iptables-save -f /etc/iptables/iptables.rules

  • List the current rules, with packet counters and numeric addresses, using iptables -nvL.

Basic Rules (Offline setup)

FORWARD

  • First of all, our computer is not a router (unless, of course, it is a router). We want to change the default policy on the FORWARD chain from ACCEPT to DROP:

    iptables -P FORWARD DROP

INPUT

  1. iptables -A INPUT -i lo -j ACCEPT
  2. iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  3. iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
  4. iptables -A INPUT -p tcp --dport ssh -j ACCEPT
  5. iptables -A INPUT -j DROP

  • The conntrack state test is a match extension, so it is selected with -m conntrack --ctstate (-n is the numeric-output flag for listing and is not valid here). Because -A appends, the unconditional DROP must be the last rule: anything appended after it is never evaluated, so the ssh rule has to come before it.

OUTPUT

  1. iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
  2. iptables -A OUTPUT -j DROP
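As an added worked example (not part of the original notes or the repository), the script below assembles the FORWARD, INPUT and OUTPUT rules above into the iptables-restore(8) format that /etc/iptables/iptables.rules uses, and lints the result for rules that an earlier unconditional jump in the same chain makes unreachable, which is the ordering mistake the INPUT list is prone to. The linter and the file name build-rules.sh are this example's own additions; it assumes ssh listens on TCP port 22 and that the -P FORWARD DROP policy is expressed as the ":FORWARD DROP" chain header in restore format. Nothing in it needs root; only applying the output with iptables-restore does.

```shell
#!/bin/sh
# Added example, not the original notes' code: build the ruleset from the
# sections above in iptables-restore(8) format and lint it for rules that an
# earlier unconditional jump in the same chain makes unreachable.
# Assumptions: ssh listens on TCP 22; INPUT/OUTPUT keep policy ACCEPT with an
# explicit final DROP, as in the notes; -P FORWARD DROP becomes ":FORWARD DROP".

# Emit the ruleset in the format used by /etc/iptables/iptables.rules.
build_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -p tcp --sport 22 -j ACCEPT
-A OUTPUT -j DROP
COMMIT
EOF
}

# Read a ruleset on stdin and print "CHAIN:N" for every -A rule that comes
# after an unconditional "-A CHAIN -j ACCEPT|DROP|REJECT" in the same chain.
# Such rules are never evaluated: -A appends, and the jump already matched.
shadowed_rules() {
    awk '
        /^-A / {
            chain = $2
            count[chain]++
            if (dead[chain]) print chain ":" count[chain]
            # exactly four fields means the rule carries no match options at all
            if (NF == 4 && $3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT"))
                dead[chain] = 1
        }
    '
}

# Exit 0 when no rule on stdin is shadowed, 1 otherwise (offenders on stderr).
lint_rules() {
    found=$(shadowed_rules)
    [ -z "$found" ] || { printf 'unreachable rule(s): %s\n' "$found" >&2; return 1; }
}

# Stand-alone use (as root, after reading the output):
#   sh build-rules.sh > /etc/iptables/iptables.rules
#   iptables-restore < /etc/iptables/iptables.rules
build_rules | lint_rules && build_rules
```

The generated OUTPUT chain, exactly as in the notes, drops everything except ssh replies, loopback included, which is the point of an offline host; a machine that needs to originate traffic would have to extend that chain before the final DROP. Running the linter over the page's original INPUT order (DROP at position 4, ssh ACCEPT at position 5) reports INPUT:5, which is how the ordering mistake shows up before the rules are ever loaded.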