Configuring the iptables Firewall on Ubuntu 14.04

Source: Internet
Author: User

A default Ubuntu installation does not enable any firewall. For the security of the server, we recommend installing and enabling one, and iptables is the recommended choice. If MySQL is only used locally, you do not need to open port 3306.

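# whereis iptables   # check whether the firewall is installed on the system

You should see:

iptables: /sbin/iptables /usr/share/iptables /usr/share/man/man8/iptables.8.gz   # indicates that iptables is already installed

# apt-get install iptables   # if it is not installed by default, run this command to install the firewall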

# iptables -L   # view the firewall configuration, shown below:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

# vi /etc/iptables.rules

Add the following (note: 80 is the web server port, 3306 is the MySQL database connection port, and 22 is the SSH remote management port):

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT

# iptables-restore < /etc/iptables.rules   # make the firewall rules take effect

# vi /etc/network/if-pre-up.d/iptables   # create the file and add the following so the firewall rules are loaded at boot

#!/bin/bash
iptables-restore < /etc/iptables.rules

# chmod +x /etc/network/if-pre-up.d/iptables   # add execute permission

# iptables -L -n   # check whether the rules are in effect
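Because the rules file sets the INPUT policy to DROP and is usually loaded over an SSH session, it is worth auditing the file before running iptables-restore. The script below is an added example, not part of the original page: the function names are hypothetical and sample_rules is a constructed, shortened copy of the ruleset above. It checks that the file has its own *filter and COMMIT lines (a file pasted as one run-together line fails here), that INPUT is default-deny, and that the SSH port is still accepted.

```shell
#!/bin/sh
# Added example: audit an iptables-restore file before loading it over SSH.
# Function names are hypothetical; sample_rules is a constructed, shortened ruleset.

sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Default policy of the INPUT chain, e.g. DROP.
input_policy() { awk '$1 == ":INPUT" { print $2; exit }' "$1"; }

# TCP destination ports accepted in INPUT, space-separated on one line.
accepted_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT/ {
        for (i = 1; i < NF; i++) if ($i == "--dport") printf "%s ", $(i + 1)
    }' "$1" | sed 's/ $//'
}

# Print "ok" and return 0 only if the file is well-formed, default-deny,
# and still accepts the SSH port (default 22) so the session is not locked out.
preflight() {
    file=$1; ssh_port=${2:-22}
    grep -qx '\*filter' "$file" || { echo "missing *filter line"; return 1; }
    grep -qx 'COMMIT' "$file"   || { echo "missing COMMIT line"; return 1; }
    [ "$(input_policy "$file")" = "DROP" ] || { echo "INPUT policy is not DROP"; return 1; }
    case " $(accepted_tcp_ports "$file") " in
        *" $ssh_port "*) echo "ok" ;;
        *) echo "SSH port $ssh_port is not accepted"; return 1 ;;
    esac
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_rules > "$tmp"
echo "accepted TCP ports: $(accepted_tcp_ports "$tmp")"
preflight "$tmp"
rm -f "$tmp"
```

On a real server, run preflight /etc/iptables.rules first; the port list also confirms that 3306 is not exposed when MySQL is only used locally.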
