Browsing the archives for the Security category.


IPtables, SSH, Ubuntu Security, etc.

Configuring Ubuntu, F.A.Q.'s, How To's, IDS, LAMP, Open Source, P.C. Linux, Router Reviews, Routers, Security, Tech Industry News, Ubuntu, Ubuntu Server, virtual machines, Virtualization, VMware, WRT54G

I have noticed some posts need updating. I will be adding new posts for new software versions and moving old posts to an archive. If something on here is incorrect or needs updating, sign up and leave me a post or use our simple contact form on the right!

IPtables, SSH, Ubuntu Security, etc.


IPtables Config File Generator

Configuring Ubuntu, F.A.Q.'s, How To's, LAMP, Open Source, P.C. Linux, Security, Tech Industry News, Ubuntu, Ubuntu Server

We now have an IPtables configuration generator up and running!

IPtables Configuration Generator

If you have any questions just leave a comment.


Updated IPtables Configuration File – 4-20-2010

Configuring Ubuntu, F.A.Q.'s, How To's, IDS, LAMP, Open Source, P.C. Linux, Routers, Security, Tech Industry News, Ubuntu, Ubuntu Server, virtual machines, Virtualization

#---------------------------------------------------------------
# Initialize all the chains by removing all the rules
# tied to them
#---------------------------------------------------------------

iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

#---------------------------------------------------------------
# The loopback interface should accept all traffic
# Necessary for X-Windows and other socket based services
#---------------------------------------------------------------

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#---------------------------------------------------------------
# Allow outbound DNS queries from the FW and the replies too
#
# - Interface eth0 is the internet interface
#
# Zone transfers use TCP and not UDP. Most home networks /
# websites using a single DNS server won't require TCP statements
#
#---------------------------------------------------------------

iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 \
-j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 \
-j ACCEPT

#---------------------------------------------------------------
# Allow previously established connections
# - Interface eth0 is the internet interface
#---------------------------------------------------------------

iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED \
-j ACCEPT

#---------------------------------------------------------------
# Allow port 80 (www) and 22 (SSH) connections to the firewall
#---------------------------------------------------------------

iptables -A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65535 \
-m state --state NEW -j ACCEPT

iptables -A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 \
-m state --state NEW -j ACCEPT

#---------------------------------------------------------------
# Allow port 80 (www) and 443 (https) connections from the firewall
# (the multiport match takes --dports / --sports, plural)
#---------------------------------------------------------------

iptables -A OUTPUT -j ACCEPT -m state \
--state NEW,ESTABLISHED,RELATED -o eth0 -p tcp \
-m multiport --dports 80,443 -m multiport --sports 1024:65535

#---------------------------------------------------------------
# Allow previously established connections
# - Interface eth0 is the internet interface
#---------------------------------------------------------------

iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED \
-i eth0 -p tcp

#---------------------------------------------------------------
# If a packet doesn't match one of the rules above, then
# the policy should be to drop it
#---------------------------------------------------------------

iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A FORWARD -j DROP
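
The rule set above, as an added example (not the site's generator or the author's code) that prints it in iptables-restore format so the filter table can be loaded in one atomic step. The function name `gen_rules`, its arguments, and the use of DROP chain policies in place of the trailing DROP rules are assumptions of this example.

```shell
#!/bin/sh
# gen_rules IFACE PORT... : print a filter table for iptables-restore.
# IFACE is the internet-facing interface, PORT... are inbound TCP ports.
# Hypothetical helper written for this example.
gen_rules() {
    iface=$1; shift
    # Validate before printing anything, so a bad argument can never
    # end up as extra text inside a generated rule.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # Chain policies replace the three trailing "-j DROP" rules.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $iface -p udp --dport 53 --sport 1024:65535 -j ACCEPT
-A INPUT -i $iface -p udp --sport 53 --dport 1024:65535 -j ACCEPT
-A OUTPUT -o $iface -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # One NEW-connection rule per allowed inbound port (22 and 80 above).
    for p in "$@"; do
        echo "-A INPUT -i $iface -p tcp --dport $p --sport 1024:65535 -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
-A OUTPUT -o $iface -p tcp -m state --state NEW,ESTABLISHED,RELATED -m multiport --dports 80,443 -m multiport --sports 1024:65535 -j ACCEPT
-A INPUT -i $iface -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

Running `gen_rules eth0 22 80 | sudo iptables-restore --test` parses the output without committing it. iptables-restore only replaces the tables named in its input, so the nat and mangle tables still need the separate flush shown above.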


update ubuntu from within the shell

Configuring Ubuntu, F.A.Q.'s, How To's, LAMP, Open Source, P.C. Linux, Security, Tech Industry News, Ubuntu, Ubuntu Server

Two simple steps for updating Ubuntu from within the shell:

sudo apt-get update

sudo apt-get upgrade


IPtables for Dummies (a beginners guide to IPtables firewall)

Configuring Ubuntu, F.A.Q.'s, How To's, IDS, LAMP, Open Source, P.C. Linux, Security, Ubuntu, Virtualization

I always have people asking me for a dummies guide to IPtables, and in all reality there isn't one; it takes time, reading, and understanding to use it properly. If IPtables is used properly and effectively, it can save you hundreds of dollars in networking equipment and time. Here is a collection of several IPtables how-tos and links I have collected for people through the years.
