Here are the basic features of this firewall:
- allows all lo0 (loopback) traffic
- accepts established and related connections
- allows all outgoing traffic
- logs everything it denies
Place the following into ~/iptables.rules:
*filter
#
# http://wiki.debian.org/iptables
#
# Defaults are to DROP anything sent to firewall or internal
# network, permit anything going out.
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
# Flush all specific rules
-F INPUT
-F FORWARD
-F OUTPUT
# Allows all loopback (lo0) traffic and rejects all traffic to 127/8
# that doesn't use lo0 (the negation goes before -i; the old "-i ! lo"
# form is rejected by current iptables)
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# ----------- BEGIN OF CUSTOM RULES -----------
# Add your custom rules here, e.g. port knocking, ignore netbios, etc.
#
# ------------ END OF CUSTOM RULES ------------
# log iptables denied calls (access via 'dmesg' command);
# the limit keeps a flood from filling the log
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Drop all other inbound - default deny unless explicitly
# allowed policy:
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
Now you can activate these rules as described here.
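Once the rules are active, the LOG rule writes one kernel message per denied packet with the "iptables denied: " prefix. The following is an added example, not part of the original post: a small Python script that parses those lines (from dmesg or /var/log/kern.log) and counts denied packets per source address, protocol and destination port, so you can see what the default-deny policy is blocking before adding custom rules. The sample log lines are constructed for the example.

```python
"""Summarise what the 'iptables denied:' LOG rule is dropping.

Added example, not from the original post. Feed it the output of
`dmesg` or the contents of /var/log/kern.log.
"""
import re
import sys
from collections import Counter

LOG_PREFIX = "iptables denied: "   # must match --log-prefix in the ruleset
_KV = re.compile(r"(\w+)=(\S*)")   # KEY=value tokens; bare flags (DF, SYN) are skipped

# Constructed sample lines in the format the kernel LOG target produces.
SAMPLE_LOG = """\
[ 1203.421] iptables denied: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4321 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
[ 1203.877] iptables denied: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4322 DF PROTO=TCP SPT=44322 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
[ 1204.102] iptables denied: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=117 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
[ 1204.500] usb 1-1: new high-speed USB device (unrelated line, must be ignored)
"""


def parse_log_line(line):
    """Return the KEY=value fields of one LOG entry as a dict, or None if
    the line does not carry our log prefix."""
    idx = line.find(LOG_PREFIX)
    if idx < 0:
        return None
    return dict(_KV.findall(line[idx + len(LOG_PREFIX):]))


def summarise(log_text):
    """Count denied packets keyed by (SRC, PROTO, DPT). ICMP has no DPT,
    so it is reported as '-'. Note the ruleset rate-limits logging to
    5/min, so these counts are a lower bound on what was dropped."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if fields is None:
            continue
        key = (fields.get("SRC", "?"), fields.get("PROTO", "?"), fields.get("DPT", "-"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for (src, proto, dpt), n in summarise(text).most_common():
        print(f"{n:6d}  {src:15s}  {proto:5s}  dport {dpt}")
```

Run it as `dmesg | python3 denied_summary.py` (the file name is your choice); with no input on stdin it summarises the constructed sample.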