Home / Blogs / Nilesh's blog
Secure your Linux Box using IPTables Firewall!
Most of the Linux distributions have an inbuilt firewall called iptables. Well, many a times its not configured properly.
Below is a shell script, just copy and paste it into a file....further steps below the script.
#!/bin/bash
iptables -v -F;
iptables -v -A INPUT -i lo -j ACCEPT;
iptables -v -A INPUT -i eth0 -j ACCEPT;
iptables -v -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
iptables -v -A INPUT -m state -m tcp --proto tcp --dport 80 --state NEW -j ACCEPT;
iptables -v -A INPUT -m state -m udp --proto udp --dport 53 --state NEW -j ACCEPT;
iptables -v -A INPUT -m state -m tcp --proto tcp --dport 53 --state NEW -j ACCEPT;
iptables -v -A INPUT -j REJECT;
iptables -v -A OUTPUT -o lo -j ACCEPT;
iptables -v -A OUTPUT -o eth0 -j ACCEPT;
iptables -v -A OUTPUT -m tcp --proto tcp --dport 80 -j ACCEPT;
iptables -v -A OUTPUT -m tcp --proto tcp --dport 443 -j ACCEPT;
iptables -v -A OUTPUT -m tcp --proto tcp --dport 445 -j ACCEPT;
iptables -v -A OUTPUT -m tcp --proto tcp --dport 53 -j ACCEPT;
iptables -v -A OUTPUT -m udp --proto udp --dport 53 -j ACCEPT;
iptables -v -A OUTPUT -m tcp --proto tcp --dport 5222 -j ACCEPT; #Google Talk or Jabber
iptables -v -A OUTPUT -m tcp --proto tcp --dport 5050 -j ACCEPT; #Yahoo
iptables -v -A OUTPUT -m tcp --proto tcp --dport 6667 -j ACCEPT; #IRC
iptables -v -A OUTPUT -m tcp --proto tcp --dport 7777 -j ACCEPT; #Jabber file Transfers
iptables -v -A OUTPUT -j REJECT;
iptables -v -A FORWARD -j REJECT;
iptables-save > /tmp/iptables;
iptables-restore < /tmp/iptables;
/etc/init.d/iptables save
This shell script has been tested in Fedora (built on which) and Ubuntu (Friend's PC).
After pasting into a file, you need to chmod the file with executable permissions. chmod means changing permissions for a file on a Linux/Unix system.
for assistance on chmod log on to http://www.december.com/unix/ref/chmod.html
as in this instance it will be chmod 777 <file path>
Then execute the file as root. (to become root in debian or debian based gnu's, "sudo or su" is the command)
You may modify it further as needed.
NOTE: iTech7.com will not be responsible for any damages/losses occurred due to this script.
If you need more help, go to the #iptables channel on irc.freenode.net












puneeth@puneeth-desktop:~$ iptables -v -F;
iptables v1.3.8: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Execute the application as root. DO NOT USE SUDO. Use su - (su dash).
Nilesh Govindrajan
Site & Server Administrator
iTech7
Nilesh Govindrajan
Site & Server Administrator
iTech7
what is Chmod the file mean?? give example!!
updated article
Nilesh Govindrajan
Site & Server Administrator
iTech7
Post new comment