Setup an Iptables Firewall
Step 1: The general form of the iptables command for adding a rule to the firewall is shown below:
iptables -A chain_name criteria -j target
Input protocol ICMP
Step 2: Before defining a DROP policy for incoming pings to our firewall, we should compare the DROP and REJECT targets: DROP discards the packet without sending anything back, whereas REJECT returns an error to the sender. With DROP, in other words, ICMP packets are silently dropped, which a ping test from a client makes visible:
ping -c 3 192.168.0.15
We must permit access to port 3306 on our database server's private IP address. That address in our instance was 192.168.0.15. We can restrict access by matching against the interface that has been given that address, or we can restrict access specifically for this address.
Step 3: To ensure that our packets are tested by this new rule before reaching the REJECT rule, we will first flush all rules from the INPUT chain:
iptables -A OUTPUT --protocol tcp --destination-port 22 --out-interface eth0 --jump REJECT
Allowing incoming SSH connections (port 22) will likely be necessary if you are using a server without a local console, so that you can connect to and manage your server. This section covers the configuration of your firewall with various SSH-related rules.
Step 4: SSH logins from dev2 to dev1 must be enabled and disabled as needed. Since we are handling outgoing traffic here, we work with the OUTPUT chain:
iptables -F
iptables -A INPUT -i eth0 -s 0/0 -p TCP --dport 2049 -j REJECT
iptables -A INPUT -i eth0 -s 0/0 -p TCP --dport 111 -j REJECT
Web servers such as Apache and Nginx normally listen for requests on ports 80 and 443, for HTTP and HTTPS connections respectively. If the default policy for incoming traffic is set to drop or reject, create rules that enable your server to reply to those requests.
Step 5: To allow or deny NFS clients (from 192.168.0.0/24) the ability to mount NFSv4 shares, or to block all traffic on ports 2049 and 111 on an NFSv4 server or firewall, issue the following commands:
iptables -D INPUT 1
iptables -nL -v --line-numbers
iptables -R INPUT 2 -i eth0 -s 0/0 -p TCP --dport 2049 -j REJECT
iptables -R INPUT 1 -p tcp --dport 80 -j REJECT
During the installation you will be prompted to decide whether to save your current firewall rules. If you later update your firewall rules and want to keep the changes, run the following command after editing them:
Step 6: To load the rules saved in the /etc/iptables/rules.v4 file at boot, install the iptables-persistent package:
apt-get install iptables-persistent
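The steps above each show one rule in isolation. The following script is an added example, not part of the original tutorial, that assembles them into one ordered INPUT-chain policy: accept rules first (so an administrator's SSH session survives the script), then the database and NFS restrictions, then the ICMP drop, and only then the default DROP policy that catches everything unmatched, which is the fall-through behaviour the overview section describes. It assumes a private interface named eth1 carrying 192.168.0.15, a LAN of 192.168.0.0/24 for database clients, and that iptables is run as root; the IPT variable is an assumption of this script that lets you set IPT=echo to preview the rules without touching the live firewall.

```shell
#!/bin/sh
# Added example firewall script (not from the original tutorial).
# Assumptions, all adjustable through environment variables: private
# interface eth1 carrying 192.168.0.15, LAN 192.168.0.0/24 for database
# clients. Set IPT=echo to print the rules instead of applying them.
IPT="${IPT:-iptables}"
PRIV_IF="${PRIV_IF:-eth1}"
DB_ADDR="${DB_ADDR:-192.168.0.15}"
LAN="${LAN:-192.168.0.0/24}"

apply_firewall() {
    # Flush INPUT so the rules below are matched in a known order.
    $IPT -F INPUT

    # Accept rules are added before the default policy is tightened, so an
    # administrator connected over SSH is not cut off mid-script.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 443 -j ACCEPT

    # MySQL only from the LAN, only via the private interface and address.
    $IPT -A INPUT -i "$PRIV_IF" -s "$LAN" -d "$DB_ADDR" -p tcp --dport 3306 -j ACCEPT

    # NFSv4 (2049) and rpcbind (111): REJECT so clients fail fast with an
    # error instead of hanging until a timeout.
    for port in 2049 111; do
        $IPT -A INPUT -p tcp --dport "$port" -j REJECT
        $IPT -A INPUT -p udp --dport "$port" -j REJECT
    done

    # Incoming pings: DROP discards silently (no ICMP error goes back),
    # which is what the tutorial's ping test shows.
    $IPT -A INPUT -p icmp --icmp-type echo-request -j DROP

    # Anything not matched above falls through to the chain policy.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
}

# List the resulting INPUT chain with the line numbers used by -D and -R.
show_rules() {
    $IPT -nL INPUT -v --line-numbers
}

case "${1:-}" in
    apply) apply_firewall ;;
    show)  show_rules ;;
esac
```

Preview with IPT=echo ./firewall.sh apply, install with ./firewall.sh apply as root, and inspect with ./firewall.sh show. To make the result survive a reboot with the iptables-persistent package from Step 6, write it out with iptables-save > /etc/iptables/rules.v4.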
How To Setup an Iptables Firewall to Enable Remote Access to Services in Linux
iptables is the user-space utility with which a system administrator configures the IP packet filter rules of the Linux kernel firewall, which are implemented as various Netfilter modules. The filters are organised into several tables, each holding chains of rules on how to handle packets of network data; these rules, pre-configured or user-defined, let system administrators control both incoming and outgoing traffic from the command line. When a connection tries to establish itself on your system, iptables searches through the rules in the relevant chain for one that matches and applies its target (allow or deny). If no rule matches, it falls back on the chain's default policy.