How To Configure IPTABLES Firewall
Below are snippets of a script that I have used many times before (modifying it as needed). I think it should be easy to follow and will give you a good baseline to start your firewall.
Flush Your Current Configuration
It's always best to begin from a clean slate. The following command clears (flushes) all rules that are currently in place. If you mess up and lock yourself out, this will disable your firewall and allow you back in.
Set Default Policies
Now we set the default policies to what we want; since this is a firewall, we want to drop all connections and not respond to them.
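The flush and default-policy steps together, as an added example (this is not the article's own script). It is a dry run by default: each rule is printed for review, and only `APPLY=1` run as root executes them. One safeguard the article's order lacks is built in: the SSH accept rule (port 22 assumed) and the established-connection rule go in before the policies switch to DROP, so the session you are working from is never cut off.

```shell
#!/bin/sh
# Added example for the "flush" and "default policies" steps; not the
# article's own script. Dry run by default (prints the rules it would run);
# APPLY=1 as root executes them.
IPT=${IPT:-iptables}
SSH_PORT=${SSH_PORT:-22}   # assumed: change if sshd listens elsewhere

rule() {
    if [ "${APPLY:-0}" = 1 ]; then "$IPT" "$@"; else echo "$IPT $*"; fi
}

# Step 1: flush. Policies are reset to ACCEPT first so that flushing never
# leaves the box behind a DROP policy with no rules (the lock-out case).
flush_rules() {
    for chain in INPUT OUTPUT FORWARD; do rule -P "$chain" ACCEPT; done
    rule -F              # delete every rule in the filter table
    rule -X              # delete user-defined chains
    rule -t nat -F       # the nat table keeps its own rules (load balancing)
    rule -t mangle -F
}

# Step 2: default policies. Before switching to DROP, keep the admin session
# alive: accept packets of already-established flows and new SSH connections.
default_policies() {
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    rule -P INPUT DROP
    rule -P FORWARD DROP
    rule -P OUTPUT DROP
}

flush_rules
default_policies
```

Run it once without `APPLY` to read the rule list, then `APPLY=1 sh firewall.sh` as root. If you are testing over SSH, `sleep 120 && sh flush.sh` in a second session is a cheap insurance policy against a typo in the accept rule.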
Block An IP Address
If you find you are getting hit a lot by a certain IP address, you can block it using...
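One way to manage blocked addresses, as an added example (not the article's snippet): a dedicated BLOCKLIST chain that INPUT jumps to first, so a block always beats any later ACCEPT rule and the list can be refreshed on its own. The addresses are constructed documentation ranges, and the function refuses anything that is not a plain IPv4 address or CIDR, since a stray hostname or log fragment would otherwise turn into a rule you did not intend.

```shell
#!/bin/sh
# Added example for "Block An IP Address"; not the article's own snippet.
# Dry run by default (prints the rules); APPLY=1 as root executes them.
IPT=${IPT:-iptables}
rule() {
    if [ "${APPLY:-0}" = 1 ]; then "$IPT" "$@"; else echo "$IPT $*"; fi
}

# Keep blocked addresses in their own chain that INPUT jumps to first:
# a block then wins over later ACCEPT rules, and the list can be cleared
# with "iptables -F BLOCKLIST" without touching the rest of the firewall.
setup_blocklist_chain() {
    rule -N BLOCKLIST
    rule -I INPUT 1 -j BLOCKLIST
}

# Basic syntax check: dotted quad with an optional /prefix. Anything else
# is rejected instead of silently becoming a rule iptables misreads.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

block_ip() {
    if ! valid_ipv4 "$1"; then
        echo "skipping invalid entry: $1" >&2
        return 1
    fi
    rule -A BLOCKLIST -s "$1" -j DROP
}

# Constructed sample list (documentation addresses, not real attackers).
setup_blocklist_chain
for addr in 198.51.100.7 203.0.113.0/24 not-an-address; do
    block_ip "$addr" || true
done
```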
Allow Services To Respond To Requests
Most Linux users run SSH, so we need to allow those connections. Change the dport and sport values to whatever service you need to allow in (e.g. HTTP is port 80, HTTPS is port 443, rsync is 873, MySQL 3306, email sending 25, email receiving 143/110, and so on).
Allow Specific IP Address To Access Service
If you have a static IP at a client's site, you can allow only that IP address to access your service.
Allow Services To Connect
Sometimes it is not just the incoming requests you have to look at but the outgoing ones as well. The following allows SSH to connect outside your network. As before, you can change the dport and sport numbers to whatever port your service uses.
One service that gets overlooked is DNS, so make sure you allow DNS lookups.
Restrict Outgoing Connections To Specific IP Addresses
If you will only be connecting to a specific list of IP addresses, you can specify them and block all others.
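The five service sections above (allowing a service to respond, allowing one client IP, allowing outbound connections, DNS, and restricting outbound destinations) all reduce to two rule shapes, so here is one added example covering them all; it also includes the portmapper rule the NIS section further down needs. This is not the article's own code. Instead of the article's dport/sport pairs it uses the conntrack match, which accepts the reply half of every flow once; the sample policy at the bottom uses constructed documentation addresses and an assumed 192.168.1.0/24 LAN.

```shell
#!/bin/sh
# Added example covering the "allow services to respond", "allow a specific
# IP", "allow services to connect", DNS, "restrict outgoing" and NIS sections;
# not the article's own snippets. Dry run by default; APPLY=1 as root applies.
IPT=${IPT:-iptables}
rule() {
    if [ "${APPLY:-0}" = 1 ]; then "$IPT" "$@"; else echo "$IPT $*"; fi
}

# With conntrack the reply half of a flow is matched once here, instead of
# one --sport rule per service as in the article's dport/sport pairs.
allow_established() {
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# allow_in PROTO PORT [SOURCE]: accept new inbound connections to a service;
# an optional SOURCE (address or CIDR) limits who may connect.
allow_in() {
    proto=$1; port=$2; src=${3:-0.0.0.0/0}
    rule -A INPUT -p "$proto" --dport "$port" -s "$src" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# allow_out PROTO PORT [DEST]: accept new outbound connections from this host;
# an optional DEST restricts them to one address or network, which is how a
# destination whitelist is built under a DROP policy on OUTPUT.
allow_out() {
    proto=$1; port=$2; dst=${3:-0.0.0.0/0}
    rule -A OUTPUT -p "$proto" --dport "$port" -d "$dst" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# DNS: UDP 53 for ordinary lookups, TCP 53 for large answers and zone
# transfers; without both, name resolution breaks in confusing ways.
allow_dns() {
    resolver=${1:-0.0.0.0/0}
    allow_out udp 53 "$resolver"
    allow_out tcp 53 "$resolver"
}

# Constructed sample policy (documentation ranges; LAN range assumed).
allow_established
allow_in tcp 22                       # ssh from anywhere
allow_in tcp 443 203.0.113.10         # https only from one client's static IP
allow_out tcp 22 192.0.2.0/24         # ssh out, but only to the office network
allow_dns 192.0.2.53                  # lookups only via the internal resolver
# NIS is RPC-based: rpcbind/portmapper on 111 from the LAN only. ypserv and
# ypbind also need their own ports, which are dynamic unless pinned in their
# configuration; allow those the same way once pinned.
allow_in tcp 111 192.168.1.0/24
allow_in udp 111 192.168.1.0/24
```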
Load Balancing
A neat feature of iptables is the ability to load balance web traffic. The following assumes your IP address 192.168.1.101 is running an HTTPS web server. The commands below will help with load balancing the web server.
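An added example of the round-robin trick (not the article's own commands): this host is assumed to be the router in front of the web servers, with eth0 facing the clients; 192.168.1.101 is the HTTPS server from the text, and 192.168.1.102 and 192.168.1.103 are assumed extra backends. New connections are spread with the `statistic` match in nth mode. The subtle part is the `--every` values: each rule only sees the packets the rules before it declined, so rule i of N must take every (N-i)th one to end up with equal shares.

```shell
#!/bin/sh
# Added example for "Load Balancing"; not the article's own commands.
# 192.168.1.101 is the page's https server; .102 and .103 are assumed.
# Dry run by default (prints the rules); APPLY=1 as root executes them.
IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-eth0}      # assumed: the interface client traffic arrives on
rule() {
    if [ "${APPLY:-0}" = 1 ]; then "$IPT" "$@"; else echo "$IPT $*"; fi
}

# dnat_round_robin PORT BACKEND...: spread new TCP connections to PORT over
# the backends. Rule i of N (0-based) matches every (N-i)th packet it sees:
# with three backends that is 1/3, then 1/2 of the rest, then all that is
# left, which gives each backend an equal share.
dnat_round_robin() {
    port=$1; shift
    total=$#; i=0
    for backend in "$@"; do
        every=$((total - i))
        rule -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
            -m conntrack --ctstate NEW \
            -m statistic --mode nth --every "$every" --packet 0 \
            -j DNAT --to-destination "$backend:$port"
        i=$((i + 1))
    done
    # The box must forward the flows and NAT the replies back out.
    rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A FORWARD -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    rule -t nat -A POSTROUTING -p tcp --dport "$port" -j MASQUERADE
}

dnat_round_robin 443 192.168.1.101 192.168.1.102 192.168.1.103
```

Forwarding must also be switched on in the kernel (`sysctl -w net.ipv4.ip_forward=1`), and because the decision is made per new connection, a client whose session state lives on one backend will not land there again on its next connection.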
Allow Loopback Traffic
Some services need to talk to other services on the same machine without going over the network wiring. The following allows loopback access.
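The loopback rules as an added example (not the article's own), with the one check that belongs beside them: once the `lo` interface is trusted, a packet that arrives on a real interface claiming a 127.0.0.0/8 source is forged and should be dropped rather than handled by a service that only expected local callers.

```shell
#!/bin/sh
# Added example for "Allow Loopback Traffic"; not the article's own rules.
# Dry run by default (prints the rules); APPLY=1 as root executes them.
IPT=${IPT:-iptables}
rule() {
    if [ "${APPLY:-0}" = 1 ]; then "$IPT" "$@"; else echo "$IPT $*"; fi
}

allow_loopback() {
    # Everything on the lo interface: a local database, a mail spool,
    # a web app talking to its cache on 127.0.0.1.
    rule -A INPUT -i lo -j ACCEPT
    rule -A OUTPUT -o lo -j ACCEPT
    # Anti-spoofing: a loopback source address can never legitimately
    # arrive on a non-loopback interface, so drop it before anything else
    # gets a chance to treat it as a trusted local connection.
    rule -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
}

allow_loopback
```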
Allow NIS Connections
NIS is a service that allows computers on a local network to see each other. If you have been in a Windows environment, looked at Network Neighbourhood and seen other computers listed, that is the service that does this.
Prevent DOS Attacks
DOS, or denial of service, attacks basically make many connections to a server/service until the software running the service can't handle any more and malfunctions, shutting down that service. The following helps in protecting against that. This example protects against HTTP DOS attacks.
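An added example of the rate-limiting rule (not the article's own): the `limit` match caps new HTTP connections at a sustained 25 per minute with a burst of 100, and everything over that falls through to the DROP policy. Its weak spot is that the bucket is global, so one flooding source uses it up for every legitimate client; two per-source caps (thresholds assumed) therefore go in front of it, using the `hashlimit` and `connlimit` matches.

```shell
#!/bin/sh
# Added example for "Prevent DOS Attacks"; not the article's own rules.
# Dry run by default (prints the rules); APPLY=1 as root executes them.
IPT=${IPT:-iptables}
rule() {
    if [ "${APPLY:-0}" = 1 ]; then "$IPT" "$@"; else echo "$IPT $*"; fi
}

# http_rate_limit PORT: throttle new connections to a web port. Order
# matters: the per-source DROP rules come first so that a single flooding
# address is cut off before it can drain the shared global bucket.
http_rate_limit() {
    port=${1:-80}
    # Per source address: more than 25 new connections/minute is dropped
    # (assumed threshold; the table is keyed on srcip).
    rule -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW \
        -m hashlimit --hashlimit-name "http$port" --hashlimit-mode srcip \
        --hashlimit-above 25/minute --hashlimit-burst 100 -j DROP
    # Per source address: cap simultaneous open connections at 20 (assumed).
    rule -A INPUT -p tcp --dport "$port" --syn \
        -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP
    # Global ceiling, the rule the article describes: 25/minute sustained,
    # bursts of 100, everything beyond that falls to the DROP policy.
    rule -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW \
        -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
}

http_rate_limit 80
http_rate_limit 443
```

The numbers are a starting point, not a recommendation: watch the counters (`iptables -L INPUT -v -n`) under normal load before tightening them, because a limit that is too low is itself a self-inflicted outage.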
Log Anything That Failed
The following commands log all dropped connections. This is very useful in analyzing attacks as well as finding configuration problems.
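An added example of the logging rules and of reading what they produce (not the article's own commands). The LOG target is itself rate-limited, because an unthrottled LOG rule lets a flood fill the disk with kernel messages. The log lines below are constructed, in the format the kernel writes, and the small awk summary shows the two things the article says the log is good for: a source hammering ports it has no business with, and a legitimate client repeatedly hitting a port the rules forgot.

```shell
#!/bin/sh
# Added example for "Log Anything That Failed"; not the article's own commands.
# Dry run by default (prints the rules); APPLY=1 as root executes them.
IPT=${IPT:-iptables}
rule() {
    if [ "${APPLY:-0}" = 1 ]; then "$IPT" "$@"; else echo "$IPT $*"; fi
}

# Log, then drop, whatever reaches the end of a chain. LOG is rate-limited:
# without it a packet flood becomes a disk-filling log flood as well.
log_dropped() {
    for chain in INPUT FORWARD OUTPUT; do
        rule -A "$chain" -m limit --limit 5/minute --limit-burst 20 \
            -j LOG --log-prefix "iptables-dropped: " --log-level 4
        rule -A "$chain" -j DROP
    done
}

# Constructed sample of the resulting kernel log lines (documentation
# addresses), as they would appear in /var/log/kern.log or journalctl -k.
sample_log() {
    cat <<'EOF'
Jan  5 10:01:12 fw kernel: iptables-dropped: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=244 PROTO=TCP SPT=6000 DPT=23 SYN
Jan  5 10:01:13 fw kernel: iptables-dropped: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=244 PROTO=TCP SPT=6001 DPT=2323 SYN
Jan  5 10:02:40 fw kernel: iptables-dropped: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TTL=52 PROTO=UDP SPT=5060 DPT=5060
Jan  5 10:03:01 fw kernel: iptables-dropped: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=244 PROTO=TCP SPT=6002 DPT=3389 SYN
EOF
}

# Summarise dropped packets by source address (log lines on stdin).
# Many distinct ports from one source is a scanner; one port from one
# source over and over is usually a client the rules forgot to allow.
top_sources() {
    grep 'iptables-dropped:' |
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); n[$i]++ } }
         END { for (s in n) print n[s], s }' |
    sort -rn
}

log_dropped
sample_log | top_sources
```

On a live box the same summary is `journalctl -k | top_sources` (or `grep iptables-dropped /var/log/kern.log | top_sources`); add `DPT=` to the awk key to see which ports each source was after.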