Iptables: basic configuration
Sunday, 06 June 2010 22:19

Security is a key factor to be reckoned with in the IT field. Iptables is a firewall configured from the command line; it is highly customizable yet robust, and with it we gain at least a reasonably effective degree of control over our network traffic.

A computer connected to the Internet continuously exchanges data (packets) of various kinds. It is the firewall that determines which routes packets may take, exactly as we set the filtering.

Iptables is a good solution both in professional and home settings, giving a good level of security without complex changes and upheavals. We will configure the policies according to the specific settings of our machine.

The premise is that the following configuration was applied on Arch Linux, but with small adjustments it is valid for any GNU/Linux operating system. The exceptions concern starting the daemon: to give a practical example, on Ubuntu/Debian init.d is used instead of rc.d.

To verify that there are no traces of previous configurations, give the following command as root:

iptables -L

or, in verbose mode:

iptables -vv -L

If the fields that appear are not populated, you can proceed with the configuration. Let's start by blocking traffic from outside. Be careful: once this command is given, browsing is blocked until the rules that follow allow replies back in.

iptables -P INPUT DROP

Let's also drop forwarded packets; we will then add the rules we actually need.

iptables -P FORWARD DROP

From here the actual configuration of the firewall begins. Enable packets on the local (loopback) interface.

iptables -A INPUT -i lo -j ACCEPT

With this we have only enabled traffic through the loopback interface on our own machine.

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This command enables browsing, but in such a way that we receive packets only in reply to connections we have requested. The prime example is the request for a web page.

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Now we are simply applying filtering according to the services and the ports associated with them. The example above corresponds to an active SSH server. The command allows variations: for instance, if you use P2P software it is also important to allow the UDP protocol. Simply fill the field after the -p option with udp ( iptables -A INPUT -p udp --dport 4672 -j ACCEPT ).

You can add more ports depending on the services active on your machine. Remember that a misconfiguration of the firewall can block all browsing, or block ftp or web services until it is resolved.

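The rules above collected into one script, as an added example that is not part of the original post. It generates the same iptables commands from a list of TCP and UDP ports (the port lists and the script name firewall.sh are assumptions), validates each port before it reaches iptables, and differs from the step-by-step order above in one point: the ACCEPT rules are added before the INPUT policy is switched to DROP, so an SSH session used to administer the machine is not cut off in between. Without arguments it only prints the commands; applying them requires root.

```shell
#!/bin/sh
# Added example (not from the original post): generate and apply the basic
# ruleset described above. The port lists below are constructed for the example.
TCP_PORTS="22"        # assumption: an SSH server is running
UDP_PORTS=""          # e.g. "4672" for a P2P client

# Accept a port only if it is a number in 1..65535.
check_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables commands, one per line, in the order they are applied.
# $1: TCP ports, $2: UDP ports (space separated). Fails on an invalid port.
build_rules() {
    for p in $1 $2; do
        check_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Start from a clean INPUT chain (the post checks this by hand with iptables -L).
    echo "iptables -F INPUT"
    # Loopback traffic and replies to connections we initiated ourselves.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT rule per exposed service.
    for p in $1; do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
    done
    for p in $2; do
        echo "iptables -A INPUT -p udp --dport $p -j ACCEPT"
    done
    # Default-deny last, so nothing is cut off while the ACCEPT rules are still missing.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
}

# Run the generated commands (needs root). Stops at the first failing command;
# 'exit 1' only leaves the subshell running the loop, so the function returns 1.
apply_rules() {
    rules=$(build_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# sh firewall.sh          prints the commands (dry run)
# sh firewall.sh --apply  applies them, then shows the result as the post does
case ${1:-} in
    --apply) apply_rules "$TCP_PORTS" "$UDP_PORTS" && iptables -vv -L ;;
    *)       build_rules "$TCP_PORTS" "$UDP_PORTS" ;;
esac
```

Run the dry run first and read the generated lines; only then run it with --apply as root. Flushing the INPUT chain while the policy is already DROP from an earlier run interrupts existing connections for a moment, which is the one case this ordering does not cover.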
To save the settings, give the command as root: /etc/rc.d/iptables save

Now start the daemon with /etc/rc.d/iptables start | stop | restart

You will also need to list it among the daemons (the DAEMONS array) in /etc/rc.conf, the configuration file read at every system startup. You can check the current contents with:

cat /etc/rc.conf

The network daemon must be entered first, so that the connection is brought up before the firewall starts receiving and sending packets.

Here is the final result:

iptables -vv -L

This is what is called a basic configuration, which implements a sufficient level of security. Clearly, if you need far more complex solutions, I refer you to the project's home page, or simply type man iptables in the console.

Copyright © 2010 www.homelinux.us. All Rights Reserved.
The contents of this work are published under Creative Commons License.