Hi, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A Linux firewall can be built with several tools, such as iptables, UFW (Uncomplicated Firewall) and firewalld. In this tutorial we focus on iptables, the most commonly used firewall tool on Linux.
Step 1: Install iptables
In most Linux distributions iptables is installed by default. If it is not, install it with your package manager; on Debian and Ubuntu the command is:
sudo apt-get install iptables
Step 2: Set default policies
Before configuring iptables rules, set the default policies for incoming and outgoing traffic. The default policy for incoming traffic is usually DROP, meaning that all incoming traffic is dropped unless a rule allows it. The default policy for outgoing traffic is usually ACCEPT, meaning that all outgoing traffic is allowed unless a rule denies it. Two things to keep in mind: if you are configuring the server over SSH, add the SSH rule from Step 3 before switching the INPUT policy to DROP, otherwise your own session is cut off; and with INPUT set to DROP, traffic on the loopback interface is dropped too unless a rule accepts it, which breaks local services that talk to each other over localhost. You can set the default policies using the following commands:
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT
Step 3: Allow SSH traffic
SSH (Secure Shell) is a protocol used for secure remote access to a server. You can allow SSH traffic using the following command:
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
This command appends a rule that accepts incoming TCP traffic to port 22 (the default SSH port); the state match restricts it to packets that open a new connection or belong to one that connection tracking already knows. The state match is the legacy form of the conntrack match (-m conntrack --ctstate) and both are still accepted. If your SSH daemon listens on a different port, use that port here.
Step 4: Allow HTTP and HTTPS traffic
HTTP (Hypertext Transfer Protocol) and HTTPS (HTTP Secure) are protocols used for web browsing. You can allow HTTP and HTTPS traffic using the following commands:
sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
These commands add rules to allow incoming traffic on ports 80 (HTTP) and 443 (HTTPS).
Step 5: Allow DNS traffic
DNS (Domain Name System) is the protocol that resolves domain names to IP addresses. These two rules let the server send DNS queries and receive the answers:
sudo iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
The first rule accepts replies coming from port 53 to an unprivileged local port, but only for a query that connection tracking has already seen leave the host. The second allows the outgoing queries themselves; it is redundant while the OUTPUT policy is ACCEPT, but it keeps working if you later tighten OUTPUT.
Step 6: Save iptables rules
Rules added with the iptables command live only in kernel memory and are lost at reboot, so after configuring them you need to save them to a file from which they can be restored at boot time. You can save the current rules using the following command:
sudo iptables-save > /etc/iptables.rules
This command saves the current iptables rules to the /etc/iptables.rules file.
Step 7: Load iptables rules at boot time
To ensure that the iptables rules are applied at boot time, create a script that loads the rules from the /etc/iptables.rules file before the network interfaces come up. Note that the if-pre-up.d hook is run by ifupdown (the /etc/network/interfaces system); on hosts whose interfaces are managed by NetworkManager or systemd-networkd it is never triggered, and the iptables-persistent package or a systemd unit that runs iptables-restore does the same job. You can create the script using the following command:
sudo nano /etc/network/if-pre-up.d/iptables
This command opens a file called iptables in the nano text editor. Paste the following contents into the file:
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
Save the file and exit the text editor. Make the script executable using the following command:
sudo chmod +x /etc/network/if-pre-up.d/iptables
This command sets the execute permission on the script. From now on, whenever a network interface is brought up, the iptables rules are loaded from the /etc/iptables.rules file.
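Steps 2 to 7 fit together as a single ruleset file. The script below is an added example, not part of the original post: it generates the whole policy from Steps 2 to 5 in the format that iptables-save writes and iptables-restore reads, so that the file can be reviewed and then loaded atomically (which avoids the lock-out that happens when the INPUT policy is set to DROP over SSH before the SSH rule exists). It differs from the post's commands in three assumed ways: it uses the conntrack match instead of the legacy state match, it adds a loopback ACCEPT and one generic ESTABLISHED,RELATED ACCEPT (which also covers the DNS reply rule of Step 5), and the SSH port and the list of web ports are parameters with the post's values as defaults.

```shell
#!/bin/sh
# Added example (not from the original post): build the Steps 2-5 ruleset as an
# iptables-restore file, the format Step 6 saves and Step 7 loads at boot.
# Assumed parameters: $1 = SSH port (default 22), $2 = TCP service ports (default "80 443").

build_rules() {
    ssh_port="${1:-22}"            # assumed default: the post's port 22
    web_ports="${2:-80 443}"       # assumed default: HTTP and HTTPS from Step 4

    printf '%s\n' '*filter'
    # Step 2: default policies (counters are reset to [0:0])
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Added (not in the post): local processes talk over lo; with INPUT DROP this must be explicit
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Added (not in the post): replies to connections this host opened, including DNS answers
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Step 3: new SSH connections
    printf '%s\n' "-A INPUT -p tcp --dport ${ssh_port} -m conntrack --ctstate NEW -j ACCEPT"
    # Step 4: new connections to each web port
    for p in $web_ports; do
        printf '%s\n' "-A INPUT -p tcp --dport ${p} -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Step 5: outgoing DNS queries (redundant while OUTPUT is ACCEPT, kept to document intent)
    printf '%s\n' '-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT'
    printf '%s\n' 'COMMIT'
}

# check_rules FILE: minimal sanity check before handing a file to iptables-restore.
# The file must open with *filter, declare a DROP policy for INPUT and end with COMMIT.
check_rules() {
    f="$1"
    head -n 1 "$f" | grep -q '^\*filter$' || return 1
    grep -q '^:INPUT DROP' "$f" || return 1
    tail -n 1 "$f" | grep -q '^COMMIT$' || return 1
}

# Usage: sh build-rules.sh 22 "80 443" > /tmp/iptables.rules
# then, as root: iptables-restore --test < /tmp/iptables.rules && iptables-restore < /tmp/iptables.rules
build_rules "$@"
```

The generated file is loaded as one transaction, so either every rule is present or nothing changes; running iptables-restore with --test first parses the file without committing it. Copy the reviewed file to /etc/iptables.rules and the Step 7 script picks it up unchanged.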
Step 8: Test iptables rules
To test the iptables rules, connect to your server over SSH, HTTP and HTTPS, and resolve a domain name from the server. If those connections succeed, the allow rules are working. Also check the other direction: a port you did not open should be unreachable from outside, and after a reboot the active rule set should match the saved file, which confirms that Step 7 ran.
Step 9: Block an IP Address
You can block an IP address using the following command:
sudo iptables -A INPUT -s <IP_address> -j DROP
This command appends a rule to the INPUT chain that drops all traffic from the specified IP address. Because -A appends, the rule lands after the ACCEPT rules from Steps 3 and 4 and never sees traffic those rules have already admitted; to block an address outright, insert the rule at the top of the chain with -I instead of -A, or place it before the ACCEPT rules in the saved file.
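The ordering pitfall of Step 9 is easy to catch in a saved ruleset. The audit below is an added example, not from the post: it reads a file in iptables-save format (such as /etc/iptables.rules from Step 6) and reports every source-based DROP rule that sits after an ACCEPT rule in the same chain, which is exactly what an appended block looks like. The two sample rulesets are constructed for the demonstration; 203.0.113.7 is a documentation address, not a real host.

```shell
#!/bin/sh
# Added example (not from the original post): find source DROP rules that an
# earlier ACCEPT in the same chain shadows. Input is iptables-save format on stdin.
# Prints one line per shadowed rule; exit status 0 if none were found, 1 otherwise.

find_shadowed_drops() {
    awk '
        /^-A / {
            chain = $2
            # remember the first ACCEPT in this chain that is not limited to a source address
            if ($0 ~ /-j ACCEPT$/ && $0 !~ / -s / && !(chain in first_accept))
                first_accept[chain] = NR
            # a source-based DROP after that ACCEPT never matches what the ACCEPT admitted
            if ($0 ~ / -s / && $0 ~ /-j DROP$/ && (chain in first_accept)) {
                print "shadowed by earlier ACCEPT in " chain ": " $0
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: the Step 9 block appended (-A) after the Step 3 SSH ACCEPT.
sample_after() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.7 -j DROP
COMMIT
EOF
}

# Constructed sample: the same block placed first, as "iptables -I INPUT ..." would do.
sample_before() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -s 203.0.113.7 -j DROP
-A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Usage: sh audit-rules.sh /etc/iptables.rules
#    or: iptables-save | sh audit-rules.sh -
if [ $# -gt 0 ]; then
    if [ "$1" = "-" ]; then find_shadowed_drops; else find_shadowed_drops < "$1"; fi
fi
```

The check is deliberately conservative: an ACCEPT that itself carries a -s restriction does not count as shadowing, and only DROP rules with a source address are reported, so a clean file produces no output and exit status 0, which makes the script usable as a pre-deployment gate.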
Step 10: Allow Ping Traffic
You can allow ping traffic (ICMP) using the following command:
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
This command adds a rule to the INPUT chain to accept ICMP echo requests.
Step 11: Limit the Number of Connections
You can limit the number of connections to a server using the following command:
sudo iptables -A INPUT -p tcp --syn --dport <port_number> -m connlimit --connlimit-above <number_of_connections> -j DROP
This command adds a rule to the INPUT chain that drops new connection attempts (SYN packets) to the port from any single source address that already holds more than the specified number of connections; connlimit counts per source address by default. Existing connections are not affected, and other addresses are still able to connect.
Step 12: Port Forwarding
You can forward traffic from one port to another using the following command:
sudo iptables -t nat -A PREROUTING -p tcp --dport <source_port> -j DNAT --to-destination <destination_IP_address>:<destination_port>
This command adds a rule to the PREROUTING chain of the NAT table that rewrites the destination of traffic arriving on the specified source port to the specified destination IP address and port. For the rewritten packets to reach that host, IPv4 forwarding must be enabled in the kernel and the FORWARD chain, whose policy was set to DROP in Step 2, must accept them; otherwise the forwarded traffic is silently discarded.
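Because the firewall from Step 2 drops everything in the FORWARD chain, the single DNAT rule of Step 12 is not enough on its own. The script below is an added example, not from the post: it prints the complete set of commands a port forward needs on this tutorial's firewall (the sysctl that enables forwarding, the DNAT rule, and FORWARD rules limited to the rewritten flow and its replies) after validating the port arguments. The argument names and the 192.0.2.10 address used in the usage are assumptions and documentation values; nothing is applied, the output is meant to be reviewed and then run as root.

```shell
#!/bin/sh
# Added example (not from the original post): emit the rules that make Step 12's
# DNAT work when the FORWARD policy is DROP (Step 2). Arguments (assumed):
#   $1 = public port on the firewall, $2 = internal host, $3 = port on that host

# is_port VALUE: true when VALUE is an integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_ipv4 VALUE: loose check that VALUE looks like a dotted-quad address
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    [ "$(printf '%s' "$1" | tr -cd '.' | wc -c)" -eq 3 ]
}

port_forward_rules() {
    src_port="$1"; dst_ip="$2"; dst_port="$3"
    is_port "$src_port" && is_port "$dst_port" || { echo "ports must be 1..65535" >&2; return 2; }
    is_ipv4 "$dst_ip" || { echo "destination must be an IPv4 address" >&2; return 2; }

    # 1. the kernel must be allowed to route packets between interfaces at all
    printf '%s\n' "sysctl -w net.ipv4.ip_forward=1"
    # 2. Step 12: rewrite the destination before routing
    printf '%s\n' "iptables -t nat -A PREROUTING -p tcp --dport ${src_port} -j DNAT --to-destination ${dst_ip}:${dst_port}"
    # 3. FORWARD sees the post-DNAT destination: admit only that flow and tracked replies
    printf '%s\n' "iptables -A FORWARD -p tcp -d ${dst_ip} --dport ${dst_port} -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Usage: sh port-forward.sh 8080 192.0.2.10 80   (review the output, then run it as root)
if [ $# -eq 3 ]; then
    port_forward_rules "$@"
fi
```

The FORWARD rules are narrower than a blanket ACCEPT: only connections to the forwarded host and port, plus packets that connection tracking already associates with a known flow, pass the DROP policy, so the port forward does not turn the firewall into a general router.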
Step 13: Source NAT
You can use source NAT to change the source IP address of outgoing traffic using the following command:
sudo iptables -t nat -A POSTROUTING -s <source_IP_address> -j SNAT --to-source <new_IP_address>
This command adds a rule to the POSTROUTING chain of the NAT table that rewrites the source address of outgoing traffic from the specified source IP address to the specified new IP address. SNAT requires a fixed replacement address; when the outgoing interface gets its address dynamically, the MASQUERADE target does the same job using whatever address the interface currently has.
Labels: best practices, How to setup firewall in Linux? - Iptables Tutorial, linux