in Linux

Iptables setup on Debian

Basic iptables setup.

Install persistent

apt-get install iptables-persistent

Loopback Connections

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

Established and Related Incoming Connections

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Invalid Packets

iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

SSH

iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Incoming HTTP

iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Incoming HTTPS

iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Incoming SMTP

iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Incoming IMAP

iptables -A INPUT -p tcp --dport 143 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Incoming IMAPS

iptables -A INPUT -p tcp --dport 993 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Incoming POP3

iptables -A INPUT -p tcp --dport 110 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Incoming POP3S

iptables -A INPUT -p tcp --dport 995 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Input Drop Rule

iptables -P INPUT DROP

Save

iptables-save > /etc/iptables/rules.v4
iptables-save > /etc/iptables/rules.v6

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.