iptables: Firewall configuration model
Posted: 2023 May 03, 21:37
Since I don't use iptables-save, the first thing I do is create a script where I put all the rules I want to be executed by the firewall. We call this script firewall.sh.
In the folder where I want the firewall rules to be executed, I create the file, and after creation we must add execution rights to it.
Create file firewall.sh

touch firewall.sh

Add execution rights to firewall.sh file

chmod +x firewall.sh

Firewall.sh configuration

#!/bin/bash
# Flush all iptables rules (delete user-defined chains and flush built-in chains
# in the filter, nat and mangle tables)
iptables -X
iptables -F
iptables -t nat -X
iptables -t nat -F
iptables -t mangle -X
iptables -t mangle -F
# Set Default policy to INPUT, FORWARD and OUTPUT
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# General Settings
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT -m comment --comment "ACCEPT all traffic from loop back (lo) interface"
# Custom Settings
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -j ACCEPT -m comment --comment "ACCEPT all traffic from interface eth0 on port 80"
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT -m comment --comment "ACCEPT all traffic from all interfaces on port 22 (SSH)"
exit 0

Execute script to add the firewall rules configured

bash firewall.sh

Add the script to startup

echo "/path/to/firewall.sh" >> /etc/rc.local
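The same ruleset, written as an added example (not the poster's script) in a form that can be checked before it touches a live host. All rules come out of one function, so setting IPT=echo prints the iptables commands instead of running them, and two helper functions inspect that dry-run output. The accept rules for loopback and RELATED,ESTABLISHED traffic are issued before the INPUT policy is switched to DROP, so an open SSH session is never left without a matching rule while the script runs. The interface and port defaults (eth0, 22, 80) are taken from the post; the function and variable names are this example's own.

```shell
#!/bin/bash
# Added example: build the ruleset through one function so it can be dry-run.
# Assumption: run as root on a host with iptables when IPT is left unset;
# set IPT=echo to print the commands instead of executing them.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"        # interface used in the post
SSH_PORT="${SSH_PORT:-22}"
HTTP_PORT="${HTTP_PORT:-80}"

apply_rules() {
    # Flush the built-in chains first, then delete user-defined chains
    # (-X fails on a chain that still has references, so -F goes first).
    for t in filter nat mangle; do
        "$IPT" -t "$t" -F
        "$IPT" -t "$t" -X
    done
    # Allow loopback and already-established traffic BEFORE the policy
    # becomes DROP, so the session running this script keeps working.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate INVALID -j DROP
    "$IPT" -A INPUT -i "$WAN_IF" -p tcp --dport "$HTTP_PORT" -m conntrack --ctstate NEW -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Default policies last: everything not matched above is dropped on INPUT.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD ACCEPT
    "$IPT" -P OUTPUT ACCEPT
}

# Dry-run the ruleset in a subshell so IPT=echo does not leak out.
dry_run() { (IPT=echo; apply_rules); }

# Number of iptables commands the script would issue.
count_rules() { dry_run | wc -l | tr -d ' '; }

# Returns 0 if the ESTABLISHED accept rule is emitted before the INPUT
# policy is set to DROP, 1 otherwise (the lock-out ordering check).
established_before_drop() {
    local out est drop
    out="$(dry_run)"
    est=$(printf '%s\n' "$out" | grep -n 'ESTABLISHED' | head -1 | cut -d: -f1)
    drop=$(printf '%s\n' "$out" | grep -n -- '-P INPUT DROP' | head -1 | cut -d: -f1)
    [ -n "$est" ] && [ -n "$drop" ] && [ "$est" -lt "$drop" ]
}

# Usage: review the dry run, then apply for real.
#   IPT=echo bash firewall-checked.sh     (prints the commands only)
#   bash firewall-checked.sh              (applies the rules as root)
if [ "${IPT}" = "echo" ]; then
    dry_run
elif [ "$(id -u)" = "0" ] && command -v iptables >/dev/null 2>&1; then
    apply_rules
fi
```

Running it with IPT=echo first is the check a practitioner wants before a flush-and-rebuild script goes onto a remote machine: the printed commands show the exact order in which the kernel would receive them, and established_before_drop fails if the DROP policy would ever precede the rule that keeps the current session alive.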