Home / Blogs / Nilesh's blog

Freedom from labor itself is not new; it once belonged among the most firmly established privileges of the few. In this instance, it seems as though scientific progress and technical developments had been only taken advantage of to achieve something about which all former ages dreamed but which none had been able to realize.

Hannah Arendt

Secure your Linux Box using IPTables Firewall!

Nilesh - Posted on 04 May 2008

Most of the Linux distributions have an inbuilt firewall called iptables. Well, many a times its not configured properly.

Below is a shell script, just copy and paste it into a file....further steps below the script.

#!/bin/bash

iptables -v -F;
iptables -v -A INPUT -i lo -j ACCEPT;
iptables -v -A INPUT -i eth0 -j ACCEPT;
iptables -v -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
iptables -v -A INPUT -m state -m tcp --proto tcp --dport 80 --state NEW -j ACCEPT;
iptables -v -A INPUT -m state -m udp --proto udp --dport 53 --state NEW -j ACCEPT;
iptables -v -A INPUT -m state -m tcp --proto tcp --dport 53 --state NEW -j ACCEPT;
iptables -v -A INPUT -j REJECT;

iptables -v -A OUTPUT -o lo -j ACCEPT;
iptables -v -A OUTPUT -o eth0 -j ACCEPT;
iptables -v -A OUTPUT -m tcp --proto tcp --dport 80 -j ACCEPT;
iptables -v -A OUTPUT -m tcp --proto tcp --dport 443 -j ACCEPT;
iptables -v -A OUTPUT -m tcp --proto tcp --dport 445 -j ACCEPT;
iptables -v -A OUTPUT -m tcp --proto tcp --dport 53 -j ACCEPT;
iptables -v -A OUTPUT -m udp --proto udp --dport 53 -j ACCEPT;
iptables -v -A OUTPUT -m tcp --proto tcp --dport 5222 -j ACCEPT; #Google Talk or Jabber
iptables -v -A OUTPUT -m tcp --proto tcp --dport 5050 -j ACCEPT; #Yahoo
iptables -v -A OUTPUT -m tcp --proto tcp --dport 6667 -j ACCEPT; #IRC
iptables -v -A OUTPUT -m tcp --proto tcp --dport 7777 -j ACCEPT; #Jabber file Transfers
iptables -v -A OUTPUT -j REJECT;

iptables -v -A FORWARD -j REJECT;

iptables-save > /tmp/iptables;

iptables-restore < /tmp/iptables;

/etc/init.d/iptables save

This shell script has been tested in Fedora (built on which) and Ubuntu (Friend's PC).

After pasting into a file, you need to chmod the file with executable permissions. chmod means changing permissions for a file on a Linux/Unix system.

for assistance on chmod log on to http://www.december.com/unix/ref/chmod.html

as in this instance it will be chmod 777 <file path>

Then execute the file as root. (to become root in debian or debian based gnu's, "sudo or su" is the command)

You may modify it further as needed.

NOTE: iTech7.com will not be responsible for any damages/losses occurred due to this script.

If you need more help, go to the #iptables channel on irc.freenode.net

Bookmark/Search this post with:

Nilesh's blog

Security

ERROR on ubuntu

Submitted by puneeth on Sun, 07/09/2008 - 3:58pm.

puneeth@puneeth-desktop:~$ iptables -v -F;
iptables v1.3.8: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Execute the application as

Submitted by Nilesh on Mon, 15/09/2008 - 6:05pm.

Execute the application as root. DO NOT USE SUDO. Use su - (su dash).

Nilesh Govindrajan

Site & Server Administrator
iTech7

Nilesh Govindrajan

Site & Server Administrator
iTech7

ahhh dude

Submitted by puneeth on Tue, 13/01/2009 - 12:43pm.

what is Chmod the file mean?? give example!!

updated article

Submitted by Nilesh on Tue, 13/01/2009 - 4:06pm.

updated article

Nilesh Govindrajan

Site & Server Administrator
iTech7

Partner Websites

We need money to keep going... Please donate some !

Who's online

Secure your Linux Box using IPTables Firewall!

Comment viewing options

Comment viewing options

Post new comment

Primary links

Recent comments