Secure your Linux Box using IPTables Firewall!
Most Linux distributions ship with a built-in packet filter, iptables. Quite often, though, it is not configured properly: rules are appended in an order that lets a broad ACCEPT match first, so the narrower filtering rules after it are never reached.
Below is a shell script. Copy and paste it into a file; the remaining steps follow the script.
#!/bin/bash
# Start from a clean slate: flush all rules and delete user-defined chains.
iptables -v -F
iptables -v -X

# Loopback traffic must always be allowed.
iptables -v -A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, and related ICMP errors.
iptables -v -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Services this host offers to the network: HTTP and DNS.
iptables -v -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -v -A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -v -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
# Add a rule for port 22 here if you administer this host over SSH; without it,
# new SSH sessions are rejected (the current one survives via ESTABLISHED).
# Everything else inbound is rejected. Do NOT put "-i eth0 -j ACCEPT" above this
# line: a blanket interface ACCEPT matches every packet first and makes all the
# port rules dead.
iptables -v -A INPUT -j REJECT

iptables -v -A OUTPUT -o lo -j ACCEPT
# Replies to the inbound connections accepted above (e.g. HTTP responses leave
# from source port 80, not destination port 80, so they need this rule).
iptables -v -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Outbound connections this host may open.
iptables -v -A OUTPUT -p tcp --dport 80 -j ACCEPT    # HTTP
iptables -v -A OUTPUT -p tcp --dport 443 -j ACCEPT   # HTTPS
iptables -v -A OUTPUT -p tcp --dport 445 -j ACCEPT   # SMB/CIFS
iptables -v -A OUTPUT -p tcp --dport 53 -j ACCEPT    # DNS
iptables -v -A OUTPUT -p udp --dport 53 -j ACCEPT    # DNS
iptables -v -A OUTPUT -p tcp --dport 5222 -j ACCEPT  # Google Talk or Jabber
iptables -v -A OUTPUT -p tcp --dport 5050 -j ACCEPT  # Yahoo
iptables -v -A OUTPUT -p tcp --dport 6667 -j ACCEPT  # IRC
iptables -v -A OUTPUT -p tcp --dport 7777 -j ACCEPT  # Jabber file transfers
iptables -v -A OUTPUT -j REJECT

# This host is not a router.
iptables -v -A FORWARD -j REJECT

# Persist the rules. "/etc/init.d/iptables save" is the Fedora/RHEL way; Ubuntu
# has no such service, so there keep the dump below and restore it at boot
# (e.g. with iptables-persistent, which reads /etc/iptables/rules.v4).
iptables-save > /etc/iptables.rules
/etc/init.d/iptables save
This script has been tested on Fedora (the distribution it was written on) and on Ubuntu (a friend's PC). Keep in mind that the final "save" step only works on Fedora/RHEL; on Ubuntu the rules are gone after a reboot unless you restore them at boot yourself.
After pasting it into a file, make the file executable (chmod +x) and run it as root.
Then check the result with iptables -S (or iptables -L -n -v) and confirm that the only ACCEPT rules before the final REJECT are the ones you intended.
Adjust the port list to the services this machine actually runs and connects to.
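A check worth running after any iptables script, added here as an example and not part of the original post: the ordering mistake that most often defeats a rule set like this one is a blanket interface rule such as -A INPUT -i eth0 -j ACCEPT placed before the port rules. iptables takes the first matching rule, so every rule below such a line is never reached, and the host is wide open while the rule listing looks restrictive. The function below reads iptables -S output and reports blanket interface ACCEPTs that still have rules after them. The two rule sets are constructed samples modelled on this page's script (one with the blanket rules, one without), not captured from a real host; the function name is chosen here.

```shell
#!/bin/sh
# Constructed sample: roughly what `iptables -S` prints after a script that
# appends "-i eth0 -j ACCEPT" / "-o eth0 -j ACCEPT" right after the loopback
# rules. Not captured from a real machine.
SAMPLE_RULES_BAD='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample of the same rule set without the blanket interface rules.
SAMPLE_RULES_FIXED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable'

# find_shadowing_accepts: read `iptables -S` output on stdin and print one line
# per rule of the exact form "-A CHAIN -i|-o IFACE -j ACCEPT" (no protocol, port
# or state match, interface other than lo) that has further rules after it in
# the same chain. Those later rules can never match. Prints nothing when clean.
find_shadowing_accepts() {
  awk '
    $1 == "-A" {
      chain = $2
      n[chain]++
      rule[chain, n[chain]] = $0
    }
    END {
      for (c in n)
        for (i = 1; i <= n[c]; i++) {
          nf = split(rule[c, i], f, " ")
          # A blanket interface rule has exactly six fields.
          if (nf == 6 && (f[3] == "-i" || f[3] == "-o") && f[4] != "lo" &&
              f[5] == "-j" && f[6] == "ACCEPT" && i < n[c])
            printf "%s rule %d shadows %d later rule(s): %s\n", c, i, n[c] - i, rule[c, i]
        }
    }' | sort
}

# Stand-alone run against the constructed samples. On a real host:
#   iptables -S | find_shadowing_accepts
echo "== rule set with blanket eth0 rules =="
printf '%s\n' "$SAMPLE_RULES_BAD" | find_shadowing_accepts
echo "== rule set without them (expect no output) =="
printf '%s\n' "$SAMPLE_RULES_FIXED" | find_shadowing_accepts
```

The check is deliberately narrow: it flags only rules that match every packet on an interface, because those are the ones that make an entire chain tail unreachable. A rule that is merely broader than intended (say, -p tcp with no port) still needs a human eye on the iptables -S listing.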
NOTE: India Technologies is not responsible for any damage or loss caused by running this script.
If you need more help, join the #iptables channel on irc.freenode.net.