PHPnews.io

Secure Firewall Setup

Written by Servers for Hackers / Original link on May. 18, 2020

You can view current firewall rules via sudo iptables -L -v.

In this video, we'll add to the INPUT chain, which controls incoming (ingress) traffic:

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -j DROP

So far we have appended rules, but you can also insert a rule at a specific position. Here, position 5 puts the port 443 rule just ahead of the final DROP rule:

sudo iptables -I INPUT 5 -p tcp --dport 443 -j ACCEPT
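
iptables evaluates a chain from top to bottom, so a rule appended after the catch-all DROP is never reached, which is why port 443 is inserted at position 5 rather than appended. The check below is an added example, not part of the original video: it reads rules in `iptables -S INPUT` syntax and lists any that sit after an unconditional DROP or REJECT. The function name and the sample rule sets are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original video). Reads rules in `iptables -S INPUT`
# syntax on stdin and prints "<position> <rule>" for every INPUT rule placed
# after an unconditional DROP/REJECT. Returns 1 if any such rule exists.
find_shadowed_rules() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            pos++
            if (blocked) { print pos, $0; found = 1; next }
            # "-j" directly after the chain name means no match criteria:
            # the rule catches every packet that reaches it.
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) blocked = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample data: the article's rules as `iptables -S` prints them.
ALLOW_RULES='-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'
DROP_RULE='-A INPUT -j DROP'
HTTPS_RULE='-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

# Port 443 added with -A lands after the DROP; with -I INPUT 5 it lands before.
APPENDED_443=$(printf '%s\n' "$ALLOW_RULES" "$DROP_RULE" "$HTTPS_RULE")
INSERTED_443=$(printf '%s\n' "$ALLOW_RULES" "$HTTPS_RULE" "$DROP_RULE")

printf '%s\n' "$APPENDED_443" | find_shadowed_rules || echo "appended: rule above is never reached"
printf '%s\n' "$INSERTED_443" | find_shadowed_rules && echo "inserted: every rule is reachable"

# On a live host: sudo iptables -S INPUT | find_shadowed_rules
```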

Finally, we need to persist these rules through reboots:

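# Install it (this should save your current rules)
# iptables-persistent is the netfilter-persistent plugin that loads /etc/iptables/rules.v4
sudo apt-get install -y iptables-persistent netfilter-persistent

# Persist for next reboot (may be unnecessary)
# The redirect has to run as root, so pipe through "sudo tee" instead of using ">"
sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null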
