{"id":40,"date":"2017-10-10T02:51:00","date_gmt":"2017-10-10T02:51:00","guid":{"rendered":"https:\/\/linuxadmin.melberi.com\/uncategorized\/iptables-for-fedora-linux"},"modified":"2017-10-10T05:31:36","modified_gmt":"2017-10-10T05:31:36","slug":"iptables-basic-linux","status":"publish","type":"post","link":"https:\/\/www.melberi.com\/linuxadmin\/iptables\/iptables-basic-linux","title":{"rendered":"Basic Iptables Configuration for Linux"},"content":{"rendered":"<p>iptables basics for CentOS, Fedora, Red Hat, Ubuntu and Debian Linux<\/p>\n<h3><span style=\"text-decoration: underline;\">iptables Basics<\/span><\/h3>\n<div style=\"background-color: #cccccc;\"><b># iptables -L<\/b><\/div>\n<p>lists your current iptables configuration. Add <b>-n<\/b> to skip hostname and service-name lookups and <b>-v<\/b> to show packet counters and interfaces.<\/p>\n<p>To allow packets that belong to already established sessions (and related ones, such as FTP data connections) to be received:<\/p>\n<p><b># iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT<\/b><\/p>\n<p>You could start by blocking traffic, but if you are working over SSH you must allow SSH before blocking everything else, or you will lock yourself out of the box.<\/p>\n<p><b>To allow incoming connections on the default SSH port (22), tell iptables to accept all TCP traffic to that port.<\/b><\/p>\n<p><b># iptables -A INPUT -p tcp --dport ssh -j ACCEPT<\/b><\/p>\n<p>Now check the current configuration:<\/p>\n<div style=\"background-color: #cccccc;\"><b># iptables -L<\/b><br \/>\n<b>Chain INPUT (policy ACCEPT)<\/b><br \/>\n<b>target\u00a0\u00a0\u00a0\u00a0 prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 destination<\/b><br \/>\n<b>ACCEPT\u00a0\u00a0\u00a0\u00a0 all\u00a0 --\u00a0 anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ctstate RELATED,ESTABLISHED<\/b><br \/>\n<b>ACCEPT\u00a0\u00a0\u00a0\u00a0 tcp\u00a0 --\u00a0 anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 
anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 tcp dpt:ssh<\/b><\/div>\n<p>To restrict a rule to one interface, for example eth0, add <b>-i eth0<\/b> to it.<br \/>\nOnce the SSH port is allowed, we can drop all other incoming traffic by appending a catch-all rule:<\/p>\n<p><b># iptables -A INPUT -j DROP<\/b><\/p>\n<p>Now check the rules again:<\/p>\n<div style=\"background-color: #cccccc;\"><b># iptables -L<\/b><br \/>\n<b>Chain INPUT (policy ACCEPT)<\/b><br \/>\n<b>target\u00a0\u00a0\u00a0\u00a0 prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 destination<\/b><br \/>\n<b>ACCEPT\u00a0\u00a0\u00a0\u00a0 all\u00a0 --\u00a0 anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ctstate RELATED,ESTABLISHED<\/b><br \/>\n<b>ACCEPT\u00a0\u00a0\u00a0\u00a0 tcp\u00a0 --\u00a0 anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 tcp dpt:ssh<\/b><br \/>\n<b>DROP\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 all\u00a0 --\u00a0 anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 anywhere<\/b><\/div>\n<p>The final step is to allow the loopback interface, which local services use to talk to each other. Because the catch-all DROP rule is now at the end of the chain, an appended rule would never be reached, so this rule has to be inserted above it. 
Since this is a lot of traffic, we&#8217;ll insert it as the first rule so it&#8217;s processed first.<\/p>\n<p><b># iptables -I INPUT 1 -i lo -j ACCEPT<\/b><\/p>\n<p>To log what gets dropped, insert a rate-limited LOG rule directly above the catch-all DROP. At this point the chain holds four rules (loopback, conntrack, SSH, DROP), so the DROP rule is number 4 and the LOG rule goes in at position 4, pushing DROP down to 5. A LOG rule placed after the DROP would never match, because DROP ends processing of the packet. Check the numbering with <b>iptables -L --line-numbers<\/b> before inserting. The limit of 5 entries per minute keeps a port scan from flooding the log.<\/p>\n<p><b># iptables -I INPUT 4 -m limit --limit 5\/min -j LOG --log-prefix \"iptables denied: \" --log-level 7<\/b><\/p>\n<p>Log level 7 is debug; if your syslog configuration only keeps kernel messages at info or above, use a more severe level such as 4 (warning), or read the entries with <b>dmesg<\/b>.<\/p>\n<p>To save this configuration on CentOS, Fedora or RHEL (with the iptables service installed):<\/p>\n<div style=\"background-color: #cccccc;\"><b># iptables-save &gt; \/etc\/sysconfig\/iptables<\/b><br \/>\n<b>or<\/b><br \/>\n<b># service iptables save<\/b><\/div>\n<div style=\"background-color: #cccccc;\"><b># service iptables start<\/b><\/div>\n<p>Debian and Ubuntu have no iptables service; install the iptables-persistent package and save the rules with <b>iptables-save &gt; \/etc\/iptables\/rules.v4<\/b> (or <b>netfilter-persistent save<\/b>) so they are reloaded at boot.<\/p>\n<p>This configuration allows SSH and drops every other new incoming connection. It applies to IPv4 only: if the host has IPv6 connectivity, build the same chain with ip6tables, otherwise the same ports stay reachable over IPv6.<\/p>\n<p><a href=\"https:\/\/www.melberi.com\/linuxadmin\/iptables\/iptables-ssh\">For interface based configuration<\/a><\/p>\n<p>You can also edit \/etc\/sysconfig\/iptables by hand and reload it with <b>iptables-restore &lt; \/etc\/sysconfig\/iptables<\/b>.<\/p>\n<h4><b>For Detailed Configuration<\/b><\/h4>\n","protected":false},"excerpt":{"rendered":"<p>IPTABLES Basics for CentOS Fedora Linux Redhat Ubuntu Debian Linux iptables Basics #iptables -L will list your current iptables configuration. 
To allow established sessions to receive traffic # iptables -A&#8230; <a href=\"https:\/\/www.melberi.com\/linuxadmin\/iptables\/iptables-basic-linux\">Read more &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[104],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts\/40"}],"collection":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/comments?post=40"}],"version-history":[{"count":5,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts\/40\/revisions"}],"predecessor-version":[{"id":620,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts\/40\/revisions\/620"}],"wp:attachment":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/media?parent=40"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/categories?post=40"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/tags?post=40"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
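The step-by-step procedure in the post above, carried through as one ruleset, as an added example that is not part of the original post: a POSIX shell script that emits the finished INPUT chain (loopback, conntrack, SSH, rate-limited LOG, catch-all DROP) in iptables-restore format and lints the rule order before anything is loaded. The function names gen_input_rules and lint_input_rules are this example's own, as are the assumptions that SSH on tcp/22 is the only exposed service and that only IPv4 is handled (ip6tables needs its own equivalent).

```shell
#!/bin/sh
# Added example, not code from the original post. Builds the post's INPUT chain
# as an iptables-restore ruleset and checks the one property the post warns
# about: nothing may sit after the catch-all DROP, because DROP ends processing
# and any later rule (such as the LOG rule) is unreachable.
# Assumptions: IPv4 only; SSH is the only service exposed; port defaults to 22.

# Print the ruleset. Order is the whole point: loopback and conntrack first,
# then the SSH allow, then the rate-limited LOG, and the DROP last.
gen_input_rules() {
    ssh_port="${1:-22}"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${ssh_port} -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
COMMIT
EOF
}

# Lint a ruleset read from stdin. Prints "ok" and exits 0 when the INPUT chain
# has a catch-all DROP as its last rule and a LOG rule somewhere above it;
# otherwise prints the reason and exits 1 so the caller never loads it.
lint_input_rules() {
    awk '
        /^-A INPUT /          { last = NR }
        /^-A INPUT -j DROP$/  { drop = NR }
        /^-A INPUT .*-j LOG/  { log_rule = NR }
        END {
            if (drop == 0)     { print "no catch-all DROP in INPUT"; exit 1 }
            if (drop != last)  { print "INPUT rule after catch-all DROP is unreachable"; exit 1 }
            if (log_rule == 0) { print "no LOG rule before the DROP"; exit 1 }
            print "ok"
        }'
}

# Typical use (root required; iptables-restore replaces the table atomically):
#   gen_input_rules 22 > /tmp/rules.v4 \
#     && lint_input_rules < /tmp/rules.v4 \
#     && iptables-restore < /tmp/rules.v4
```

Loading the file with iptables-restore swaps the whole table in one step, so the host never passes through the half-built state that the interactive commands do, and the same file is what gets copied to /etc/sysconfig/iptables or /etc/iptables/rules.v4 for persistence. Applying rules over SSH is the moment you lock yourself out, so run the lint first and, when working remotely, arrange a rollback (for example a backgrounded `sleep 120 && iptables-restore < /tmp/rules.old` that you kill once the new session is confirmed to work).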