iptables for Fedora Linux
This post covers the basic steps for enabling and configuring iptables on Fedora Linux.
# iptables -L
lists your current iptables rules.
To allow established sessions to receive traffic:
# iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
You could start by blocking traffic, but if you are working over SSH you need to allow SSH before blocking everything else, or you will lock yourself out.
To allow incoming traffic on the default SSH port (22), tell iptables to accept all TCP traffic arriving on that port:
# iptables -A INPUT -p tcp --dport ssh -j ACCEPT
Now check the current configuration:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
To restrict a rule to a single interface, for example eth0, add -i eth0 to it.
Once the SSH port is allowed, we can drop all other incoming traffic:
# iptables -A INPUT -j DROP
Now check the rules again:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- anywhere anywhere
Finally, the loopback interface has to be allowed. The DROP rule is already in place, so this rule must be inserted before it; loopback carries a lot of traffic, so we insert it as the first rule so that it is matched first:
# iptables -I INPUT 1 -i lo -j ACCEPT
To log the packets that get dropped, insert a rate-limited LOG rule ahead of the DROP rule. With the chain built above (loopback, established, SSH, DROP) the DROP rule is at position 4, so the LOG rule is inserted at position 4, which pushes DROP down to 5; placed after the DROP rule it would never match anything:
# iptables -I INPUT 4 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
To save this configuration:
# iptables-save > /etc/sysconfig/iptables
or
# service iptables save
and make sure the service is running so the saved rules are loaded at boot:
# service iptables start
This configuration allows the SSH port and blocks all other incoming ports.
For interface-based rules, add -i <interface> to the relevant rule as shown above.
You can also edit /etc/sysconfig/iptables by hand.
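The whole procedure above in one place, as an added example that is not part of the original post: a POSIX sh script that writes the ruleset in the iptables-save format used by /etc/sysconfig/iptables, with the loopback rule first and the LOG rule before the final DROP, plus a check for that ordering. The function and variable names (build_ruleset, log_precedes_drop, SSH_PORT, INPUT_IFACE) are this example's own.

```shell
#!/bin/sh
# Assumed names for this example: SSH_PORT, INPUT_IFACE, build_ruleset, log_precedes_drop.
SSH_PORT="${SSH_PORT:-22}"
INPUT_IFACE="${INPUT_IFACE:-}"   # set to e.g. eth0 to limit the SSH rule to one interface

# Emit the ruleset in the format iptables-save writes to /etc/sysconfig/iptables.
# Order matters: loopback first, then established sessions, then SSH, then the
# rate-limited LOG rule, and only then the catch-all DROP.
build_ruleset() {
    iface_opt=""
    [ -n "$INPUT_IFACE" ] && iface_opt="-i $INPUT_IFACE "
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT ${iface_opt}-p tcp --dport ${SSH_PORT} -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
COMMIT
EOF
}

# Sanity check on a ruleset passed as $1: the LOG rule must come before the
# catch-all DROP, otherwise nothing is ever logged. Returns 0 when the order is right.
log_precedes_drop() {
    log_line=$(printf '%s\n' "$1" | grep -n -- '-j LOG' | head -n 1 | cut -d: -f1)
    drop_line=$(printf '%s\n' "$1" | grep -n -- '^-A INPUT -j DROP' | head -n 1 | cut -d: -f1)
    [ -n "$log_line" ] && [ -n "$drop_line" ] && [ "$log_line" -lt "$drop_line" ]
}

# Usage (as root): build_ruleset > /etc/sysconfig/iptables && iptables-restore < /etc/sysconfig/iptables
```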
Thank you so much for this article. It is a great help for me, using this article to configure my Linux firewall.
xtechnotes.blogspot.com