
Apr 21

Easy Linux server iptables configuration

To enable the local, host-based firewall on a Linux server (these commands are for RHEL/CentOS 5 and 6 and their SysV init script; on RHEL 7 and later the default is firewalld, and this init script comes from the iptables-services package), run the following as root. The first command makes the service start at boot, the second starts it now:

# chkconfig iptables on

# service iptables start

Next, give the interface a policy. Say it is a bonded interface called bond0. The ruleset below rejects all inbound and forwarded traffic arriving on bond0 except ping (ICMP), replies to connections the host itself already has (ESTABLISHED,RELATED), and new connections to port 22, the SSH port. Two things to note: the rules match only on -i bond0, so packets arriving on any other interface (including lo) fall through to the chain's default ACCEPT policy and are not filtered at all; and SSH is TCP-only, so the UDP port 22 line is harmless but unnecessary. Create /etc/sysconfig/iptables (the file the init script loads with iptables-restore, and the one "service iptables save" writes) with the following content. Every option takes two plain hyphens (--state, --dport, --reject-with); if you copy the rules from a web page that has turned them into a single dash, iptables-restore will reject the file:

# /etc/sysconfig/iptables - loaded by "service iptables start" via iptables-restore
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# User-defined chain for bond0; "-" means it has no policy of its own
:RH-Firewall-bond0-INPUT - [0:0]
-A INPUT -j RH-Firewall-bond0-INPUT
-A FORWARD -j RH-Firewall-bond0-INPUT
# Allow ping and other ICMP arriving on bond0
-A RH-Firewall-bond0-INPUT -i bond0 -p icmp --icmp-type any -j ACCEPT
# Allow replies to connections this host already has
-A RH-Firewall-bond0-INPUT -i bond0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow new SSH connections (TCP 22; the UDP line is not needed for SSH)
-A RH-Firewall-bond0-INPUT -i bond0 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-bond0-INPUT -i bond0 -m state --state NEW -m udp -p udp --dport 22 -j ACCEPT
# Everything else arriving on bond0 is rejected with an ICMP error
-A RH-Firewall-bond0-INPUT -i bond0 -j REJECT --reject-with icmp-host-prohibited
COMMIT

Restart the iptables service to load the file (the init script flushes the running rules and reloads them from /etc/sysconfig/iptables). If you are logged in over SSH, keep that session open and confirm from a second session that you can still connect before you close the first one:

# service iptables restart

View the loaded policy (add -n to skip reverse DNS lookups on addresses, -v to see per-rule packet and byte counters, and --line-numbers to get the positions used by "iptables -D" and "iptables -I"):

# iptables -L
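The steps above hand-write one ruleset and load it straight into the kernel, which is where people lock themselves out. The script below is an added example, not part of the original post: it generates the same style of ruleset for any interface and any list of TCP ports (going beyond the single port 22 case, and omitting the UDP line since SSH is TCP-only), lints the file for the en-dash paste error that makes iptables-restore fail, and applies it with a timed rollback to the previous rules. The function names, the /var/run/iptables-ok confirmation flag, the 60-second window, and the assumption that iptables-restore understands --test are all this example's own; root is only needed for "apply".

```shell
#!/bin/sh
# Added example, not from the original post: generate, lint and safely apply
# an /etc/sysconfig/iptables-style ruleset. Assumptions (this example's own):
# a RHEL/CentOS-style host with the iptables init script, an iptables-restore
# that accepts --test, and the flag path and rollback window set below.

OK_FLAG=${OK_FLAG:-/var/run/iptables-ok}   # touch this file to keep the new rules
ROLLBACK_SECS=${ROLLBACK_SECS:-60}

# gen_rules IFACE "PORT PORT ..." : print a complete *filter table in
# iptables-save format. As on the page, only traffic arriving on IFACE is
# filtered; other interfaces (including lo) fall through to the ACCEPT policy.
# SSH is TCP only, so no UDP rule is generated.
gen_rules() {
    iface=$1
    ports=$2
    chain="RH-Firewall-${iface}-INPUT"
    printf '%s\n' \
        '*filter' \
        ':INPUT ACCEPT [0:0]' \
        ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        ":${chain} - [0:0]" \
        "-A INPUT -j ${chain}" \
        "-A FORWARD -j ${chain}" \
        "-A ${chain} -i ${iface} -p icmp --icmp-type any -j ACCEPT" \
        "-A ${chain} -i ${iface} -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $ports; do
        printf '%s\n' \
            "-A ${chain} -i ${iface} -m state --state NEW -m tcp -p tcp --dport ${p} -j ACCEPT"
    done
    printf '%s\n' \
        "-A ${chain} -i ${iface} -j REJECT --reject-with icmp-host-prohibited" \
        'COMMIT'
}

# lint_rules FILE : return non-zero if the file contains an en-dash (U+2013,
# what a web page turns "--" into when you copy it) or lacks its COMMIT line.
lint_rules() {
    file=$1
    status=0
    if grep -n -- '–' "$file" >&2; then
        echo "lint: en-dash found above; iptables options need a plain --" >&2
        status=1
    fi
    if ! grep -q '^COMMIT$' "$file"; then
        echo "lint: missing COMMIT" >&2
        status=1
    fi
    return $status
}

# apply_with_rollback FILE : load FILE as the live ruleset and, unless
# $OK_FLAG appears within $ROLLBACK_SECS, restore the previous ruleset.
# Confirm from a NEW ssh session: if it cannot connect, do nothing and wait.
apply_with_rollback() {
    new=$1
    lint_rules "$new" || return 1
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    # --test parses and builds the ruleset without committing it (assumed available)
    iptables-restore --test "$new" || { echo "ruleset rejected by iptables-restore" >&2; return 1; }
    rm -f "$OK_FLAG"
    ( sleep "$ROLLBACK_SECS"; [ -e "$OK_FLAG" ] || iptables-restore "$backup" ) &
    iptables-restore "$new" || return 1
    echo "rules loaded; run 'touch $OK_FLAG' from a new ssh session within ${ROLLBACK_SECS}s to keep them"
}

case "${1:-}" in
    gen)   gen_rules "${2:-bond0}" "${3:-22}" ;;
    lint)  lint_rules "$2" ;;
    apply) apply_with_rollback "$2" ;;
esac
```

Typical use: "sh fw.sh gen bond0 '22 443' > /tmp/iptables.new", then as root "sh fw.sh apply /tmp/iptables.new", then from a fresh SSH session "touch /var/run/iptables-ok". Once the new session works, copy the file to /etc/sysconfig/iptables (or run "service iptables save") so the rules survive a restart; if the new session cannot connect, simply wait and the old rules come back on their own.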

That’s it. Enjoy!