Secure your Linux Box using IPTables Firewall!
Most Linux distributions ship with a built-in firewall called iptables. Unfortunately, it is very often not configured properly.
Below is a shell script. Just copy and paste it into a file; the further steps follow the script.
A MAJOR CHANGE IN THE SCRIPT !!!!!!
#!/bin/bash
iptables -v -F;
iptables -v -A INPUT -i lo -j ACCEPT;
########### Line no. 3 replaced as below #############
iptables -v -P INPUT DROP # Default Policy DROP
iptables -v -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
iptables -v -A INPUT -m state -m tcp --proto tcp --dport 80 --state NEW -j ACCEPT; # HTTP
iptables -v -A INPUT -m state -m udp --proto udp --dport 53 --state NEW -j ACCEPT; # DNS
iptables -v -A INPUT -m state -m tcp --proto tcp --dport 53 --state NEW -j ACCEPT; # DNS
iptables -v -A INPUT -j REJECT;
######## A LINE ADDED ########
iptables -v -P OUTPUT ACCEPT # Default Policy Accept
iptables -v -A OUTPUT -o lo -j ACCEPT;
iptables -v -A OUTPUT -o eth0 -j ACCEPT; # Accepts everything leaving eth0, so the per-port OUTPUT rules and the final REJECT below only apply to other interfaces
iptables -v -A OUTPUT -m tcp --proto tcp --dport 80 -j ACCEPT; # HTTP
iptables -v -A OUTPUT -m tcp --proto tcp --dport 443 -j ACCEPT; # HTTPS
iptables -v -A OUTPUT -m tcp --proto tcp --dport 445 -j ACCEPT; # SMB
iptables -v -A OUTPUT -m tcp --proto tcp --dport 53 -j ACCEPT; # DNS
iptables -v -A OUTPUT -m udp --proto udp --dport 53 -j ACCEPT; # DNS
iptables -v -A OUTPUT -m tcp --proto tcp --dport 5222 -j ACCEPT; # Google Talk or Jabber
iptables -v -A OUTPUT -m tcp --proto tcp --dport 5050 -j ACCEPT; # Yahoo
iptables -v -A OUTPUT -m tcp --proto tcp --dport 6667 -j ACCEPT; # IRC
iptables -v -A OUTPUT -m tcp --proto tcp --dport 7777 -j ACCEPT; # Jabber file transfers
iptables -v -A OUTPUT -j REJECT;
######### A LINE ADDED #######
iptables -v -P FORWARD DROP # Default Policy DROP
iptables -v -A FORWARD -j REJECT;
iptables-save > /tmp/iptables;
iptables-restore < /tmp/iptables;
/etc/init.d/iptables save # Persists the rules across reboots on Fedora; this init script is not present on Ubuntu
This shell script has been tested on Fedora (the distribution it was written on) and Ubuntu (a friend's PC).
After pasting it into a file, you need to chmod the file to give it executable permissions. chmod is the command for changing the permissions of a file on a Linux/Unix system.
For help with chmod, see http://www.december.com/unix/ref/chmod.html
In this instance the command is: chmod 777 <file path>
Then execute the file as root. (To become root on Debian or Debian-based GNU/Linux systems, the command is "sudo" or "su".)
You may modify the script further as needed.
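Because the OUTPUT chain accepts all traffic on eth0 before the per-port rules, those rules and the final REJECT never match for eth0. The following check, an added example that is not part of the original post, scans an iptables-save style dump (constructed here to mirror the article's rules, not captured from a real host) for unconditional per-interface ACCEPTs that shadow later rules in a chain, and reports each chain's default policy.

```shell
#!/bin/sh
# Constructed iptables-save style dump mirroring the article's chains (not from a real host).
RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT'

# chain_policy CHAIN: prints the default policy of CHAIN from a dump read on stdin.
chain_policy() {
  awk -v chain=":$1" '$1 == chain { print $2 }'
}

# shadowed_rules CHAIN: prints every rule in CHAIN that follows an ACCEPT whose
# only match is a non-loopback interface; such rules can never fire for traffic
# on that interface. Reads the dump on stdin.
shadowed_rules() {
  awk -v chain="$1" '
    $1 == "-A" && $2 == chain {
      if (blanket) { print "shadowed: " $0; next }
      # A rule of exactly "-A CHAIN -i|-o IFACE -j ACCEPT" (6 fields) on a real interface.
      if (NF == 6 && ($3 == "-o" || $3 == "-i") && $4 != "lo" && $5 == "-j" && $6 == "ACCEPT")
        blanket = 1
    }'
}

# Audit the constructed dump chain by chain.
for c in INPUT FORWARD OUTPUT; do
  echo "$c default policy: $(printf '%s\n' "$RULES" | chain_policy "$c")"
  printf '%s\n' "$RULES" | shadowed_rules "$c"
done
```

To audit a live rule set, replace the constructed dump with the actual output of `iptables-save` piped into the two functions.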
***************** PLEASE UPDATE YOUR SETTINGS AS PER THE CHANGES ******************
NOTE: iTech7.com will not be responsible for any damages/losses occurred due to this script.
If you need more help, go to the #iptables channel on irc.freenode.net
Nilesh Govindrajan
Site & Server Administrator
iTech7
Comments
ERROR on ubuntu
puneeth@puneeth-desktop:~$ iptables -v -F;
iptables v1.3.8: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Execute the application as
Execute the application as root. DO NOT USE SUDO. Use su - (su dash).
Nilesh Govindrajan
Site & Server Administrator
iTech7
Ahhh dude
What does "chmod the file" mean?? Give an example!!
updated article
updated article
Nilesh Govindrajan
Site & Server Administrator
iTech7
Dedicated servers
Hi,
I have tested the above script on our dedicated server and it's running fine, thanks a lot.