Basic Iptables Configuration for fedora linux

IPTABLES Basics for fedora Linux


Here I have mentioned the basic configurations for enabling iptables in fedora linux.

#iptables -L

will list your current iptables configuration.

To allow established sessions to receive traffic

# iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

You could start by blocking traffic, but you might be working over SSH, where you would need to allow SSH before blocking everything else.

To allow incoming traffic on the default SSH port (22), you could tell iptables to allow all TCP traffic on that port to come in.

# iptables -A INPUT -p tcp --dport ssh -j ACCEPT

Now check the current configuration

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh


For Interface based access for eth0 specify -i eth0
Once we enabled the ssh port.we can drop all other incoming ports.

# iptables -A INPUT -j DROP

Now check the rule

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       all  --  anywhere             anywhere


In the final step we have to enable loopback interface. After all the traffic has been dropped. We need to insert this rule before that. Since this is a lot of traffic, we'll insert it as the first rule so it's processed first.

#iptables -I INPUT 1 -i lo -j ACCEPT

To enabling logging

# iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

To save this configuration

# iptables-save > /etc/sysconfig/iptables
or
#service iptables save
#service iptables start

This configuration will enable ssh port and disable all other incoming ports.
For interface based configuration
Also you can manual edit  /etc/sysconfig/iptables

For Detailed Configuration



FOLLOW US :-    
   


1 comments :

  1. Thank you so much for this article. It is a great help for me using this article to configure my Linux firewall

    --xtechnotes.blogspot.com

    ReplyDelete