How To Configure IPTABLES Firewall

Most routers do sufficient work in stopping attacks and keeping the inside network resources getting into the hands of hackers and intruders. However a firewall is an extra layer of protectiveness.

Below are snippits of a script that I have used many times before (modifiying it as needed), I think it should be easy to follow and will give a good base line to start your firewall.

Flush Your Current Configuration

Its always best to start with a fresh start. The following command clears/flushes all rules that are currently in place. If you mess up and lock yourself out this will disable your firewall and allow you back in.

Set Default Policies

Now we set default rules to what you want to do, since this is a firewall we will want to drop all connections and not respond to them

Block An IP Address

If you find you are getting hit a lot by a certain IP address you can block them using...

Allow Services To Respond To Requests

Most linux users run ssh, so we need to allow those connections. Change the dport and sport values to whatever service you need to allow in (IE: http is port 80, https is port 443, rsync is 873, mysql 3306, email sending 25, email receive 143/110, etc etc etc)

Allow Specific IP Address To Access Service

If you have a static ip at a clients you can specifically allow only that ip address to access your service

Allow Services To Connect

Sometimes its not just the incoming requests you have to look at but the outgoing as well. The following allows ssh to to connect outside your network. Like before you can change the dport and sport numbers to whatever port your service uses.

One service that gets overlooked is DNS so make sure you allow DNS Lookups

Restrict Outgoing Connections To Specific IP Addresses

If you will only be connecting to a specific list of ip addresses you can specify them and block all others.

Load Balancing

A neat feature of iptables is the ability to load blance web traffic. The following assumes your ip address is running a https web server. The commands below will help with load balancing the web server

Allow Lookback Traffic

Some services need to talk to other services on the machine without having to go over network wiring. The following will allow loopback access

Allow NIS Connections

NIS is a service that allows computers on a local network to see each other. If you have gone in a windows enviroment and looked at network neighbourhood and see other computers listed, thats the service that does this.

Prevent DOS Attacks

DOS or denial of service attacks, basically make many connections to a server/service until the software running the service cant handle it any more and malfunctions shutting down that service. The following helps in protecting against that. This example protects http DOS attacks.

Log Anything That Failed

The following commands log all dropped conenctions. This is very usefull in analyzing attacks as well as viewing configuration problems.