iptables: Firewall configuration model

Post by Mihai »

Since I don't use iptables-save, the first thing I do is create a script containing all the rules I want the firewall to execute. We call this script firewall.sh.
In the folder where I want the firewall rules to be executed from, I create the file, and after creating it we must add execution rights to it.

Create the file firewall.sh

touch firewall.sh

Add execution rights to the firewall.sh file

chmod +x firewall.sh
firewall.sh configuration

#!/bin/bash
# Flush all iptables rules (flush the chains first, then delete the now-empty user-defined chains)
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Set default policy for INPUT, FORWARD and OUTPUT
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# General settings
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT -m comment --comment "ACCEPT all traffic from loop back (lo) interface"
# Custom settings
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -j ACCEPT -m comment --comment "ACCEPT all traffic from interface eth0 on port 80"
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT -m comment --comment "ACCEPT all traffic from all interfaces on port 22 (SSH)"
exit 0

Execute the script to add the configured firewall rules

bash firewall.sh

Add the script to startup

echo "/path/to/firewall.sh" >> /etc/rc.local
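The same policy as the post's firewall.sh, written as an added example (not Mihai's script) in iptables-restore format. Running `iptables -P INPUT DROP` and then appending the RELATED,ESTABLISHED rule as separate commands leaves a short window in which the policy is DROP and no rule yet accepts the existing SSH session; iptables-restore commits the whole table in one step, and `iptables-restore --test` parse-checks the ruleset before anything is committed. The interface name eth0 and ports 80 and 22 are taken from the post; the variable names, the `show`/`apply` arguments and the helper functions are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not from the original post: firewall.sh as an atomic
# iptables-restore ruleset. Interface and ports are assumptions and can
# be overridden from the environment (WAN_IF, HTTP_PORT, SSH_PORT).
set -euo pipefail

WAN_IF="${WAN_IF:-eth0}"
HTTP_PORT="${HTTP_PORT:-80}"
SSH_PORT="${SSH_PORT:-22}"

# Emit the complete ruleset in iptables-save(8) format. Every table that
# is listed is flushed by iptables-restore before the new contents are
# loaded, so naming mangle and nat with only their built-in chains has the
# same effect as the original script's -F/-X on those tables.
ruleset() {
  cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
-A INPUT -i ${WAN_IF} -p tcp --dport ${HTTP_PORT} -m conntrack --ctstate NEW -m comment --comment "HTTP on ${WAN_IF}" -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -m comment --comment "SSH on all interfaces" -j ACCEPT
COMMIT
EOF
}

# Number of INPUT rules in the generated ruleset (sanity check: the post's
# policy has exactly four).
input_rule_count() {
  ruleset | grep -c '^-A INPUT '
}

# Parse-check the ruleset without committing, then load it atomically.
# Needs root; the second command replaces the live tables.
apply_firewall() {
  ruleset | iptables-restore --test
  ruleset | iptables-restore
}

case "${1:-}" in
  apply) apply_firewall ;;
  show)  ruleset ;;
  *)     echo "usage: $0 {show|apply}" >&2 ;;
esac
```

`bash firewall-restore.sh show` prints the ruleset for review; `sudo bash firewall-restore.sh apply` loads it. The startup step from the post applies unchanged, with one check worth making: /etc/rc.local must itself be executable, and on systemd distributions it is only run by rc-local.service when that file exists and is executable.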