Linux Security Debian Slax Tiny Core Health


Iptables 6

Add Rules

Rule Order

The order in which Iptables rules are written is important. For each packet that comes into the computer, Iptables goes through the rules in the order they are written until it finds a rule that applies to that packet. The packet is dealt with as that rule determines, and Iptables is finished with it; later rules are not consulted. As you add rules, think about the order they are written in, and put them in the correct order.


Allow IP Addresses Not Ports

The Iptables rules in the examples have allowed ports 53 and 80. Your computer will be more secure if, where practical, you allow specific IP addresses rather than whole ports. You can find the addresses you need by looking at your Iptables log file.


Adding Rules

You decide what rules you want to add to your Iptables setup. Following are a few examples.


Allow IP Addresses

You may find the firewall has blocked something, and you can't access it. If this happens, note the time you tried to access it, then look at your log file and see whether there are entries with the prefix "InDrop" from that time. You can then add a rule to allow whatever is being dropped.

To allow IP addresses, insert lines similar to this, with the appropriate IP address numbers.

iptables -A INPUT -s 150.101.135.3 -j ACCEPT

Block IP Addresses

You may want to block IP addresses, to prevent anything undesirable coming into your computer, or to restrict what young children or employees can access. To do this, insert lines similar to this, with the appropriate IP address numbers.

iptables -A INPUT -s 222.216.28.125 -j DROP

Allow Ports

Your Iptables setup already includes a line accepting the tcp protocol from source port 80.

iptables -A INPUT -p tcp --sport 80 -j ACCEPT

To add other ports or protocols, insert similar lines, changing the "80" to whatever port you want, and the "tcp" to whatever protocol you want.


Block Ports

To block ports, insert lines similar to this, with whatever ports and protocols you want to block.

iptables -A INPUT -p udp --sport 1026 -j DROP

Combine Port, Protocol and IP Address

You can combine all these things and have the protocol, port and IP address all in one rule.

iptables -A INPUT -p udp --sport 53 -s 203.194.56.150 -j ACCEPT

You would use a rule like this where you want to allow a certain port or protocol from an IP address, but drop everything else from that IP address. Because the first matching rule wins, the specific ACCEPT rule must come before the rule that drops the rest of that address's traffic.
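The first-match behaviour described in "Rule Order" and used here, as an added example that is not part of the original page: a small shell simulator walks a constructed rule list the way the INPUT chain is walked, and a helper prints the same list as the "iptables -A INPUT" commands you would run. The rule lists, field layout ("protocol sport source target", with "any" as a wildcard) and the POLICY result are constructed for this example.

```shell
#!/bin/sh
# Constructed rule set for this example: the specific allow for DNS replies
# from one server comes BEFORE the rule that drops everything else from it.
RULES='udp 53 203.194.56.150 ACCEPT
any any 203.194.56.150 DROP
tcp 80 any ACCEPT
any any any DROP'

# The same two address rules in the wrong order: the broad DROP shadows the allow.
SWAPPED='any any 203.194.56.150 DROP
udp 53 203.194.56.150 ACCEPT'

# first_match RULES PROTO SPORT SRC
# Walks the rules top to bottom like the INPUT chain and prints the target of
# the first rule that matches; prints POLICY if none matches (chain policy decides).
first_match() {
  rules=$1; proto=$2; sport=$3; src=$4
  result=POLICY
  while read -r rproto rsport rsrc target; do
    [ "$rproto" = any ] || [ "$rproto" = "$proto" ] || continue
    [ "$rsport" = any ] || [ "$rsport" = "$sport" ] || continue
    [ "$rsrc" = any ] || [ "$rsrc" = "$src" ] || continue
    result=$target
    break          # first match wins; later rules are never consulted
  done <<EOF
$rules
EOF
  echo "$result"
}

# to_iptables RULES
# Prints the rules as iptables commands in the same order. -A appends, so the
# order the commands are run is the order the chain is evaluated.
to_iptables() {
  while read -r rproto rsport rsrc target; do
    [ -n "$target" ] || continue
    line="iptables -A INPUT"
    [ "$rproto" = any ] || line="$line -p $rproto"
    [ "$rsport" = any ] || line="$line --sport $rsport"   # --sport needs -p
    [ "$rsrc" = any ] || line="$line -s $rsrc"
    echo "$line -j $target"
  done <<EOF
$1
EOF
}
```

Run `to_iptables "$RULES"` to see the commands, and compare `first_match "$RULES" udp 53 203.194.56.150` (ACCEPT) with the same packet against `$SWAPPED` (DROP).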


Output Chain

You may add rules to the OUTPUT chain. Use similar rules, replacing "INPUT" with "OUTPUT" and "-s" (which stands for source) with "-d" (which stands for destination).


Established or Related Rule

Be aware that many packets will be allowed into the computer from sources not specifically mentioned in the Iptables rules because of the established or related rule: replies to connections your computer started are accepted by that rule.


Checking the Iptables Setup

Previously "iptables -L" was used to check the Iptables setup. If you use it when your rules contain IP addresses, Iptables will try to look up the host name of each address, and this may take some time. The output will appear more quickly if you use:

iptables -L -n

The "n" stands for numeric.




© Copyright Guy Shipard 2008 - 2009