Configure firewall iptables under Debian

Source: Internet
Author: User

Under Debian, rules entered with the iptables command take effect immediately, but they are gone after a reboot. You can save the current configuration with iptables-save and then have iptables load the exported file automatically when the machine boots, as follows:

To stop iptables, run iptables -F, which empties all rules; the effect is equivalent to stopping it. Keep in mind that -F flushes rules only: a chain policy set with -P (such as INPUT DROP) stays in place until you reset it, which is why the init script further down also runs -P INPUT ACCEPT and friends when stopping.

whereis iptables shows the path where the iptables binary is installed.

1. Save the iptables configuration to /etc/iptables. The file name is your own choice, but it must match the one used in the configuration below.

iptables-save > /etc/iptables

2. Create the boot-time script and make it executable (the script is edited in the next step):

touch /etc/network/if-pre-up.d/iptables
chmod +x /etc/network/if-pre-up.d/iptables

3. Edit the boot-time script so that the iptables rules are restored when the network is brought up:

vi /etc/network/if-pre-up.d/iptables

The contents are:

#!/bin/sh
/sbin/iptables-restore < /etc/iptables

Save and exit. From the next reboot on, iptables loads the rules automatically.

# Note: every time you modify the iptables rules, export the configuration file again, otherwise the change is lost at the next reboot.


# flush the configuration
iptables -F
iptables -X
iptables -Z

# policy: drop incoming traffic, allow outgoing traffic, allow the loopback interface
iptables -P INPUT DROP
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# allow ping
iptables -A INPUT -p icmp -j ACCEPT

# allow SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# allow FTP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT

# allow the FTP passive port range; the range itself is set in the FTP server's configuration file
iptables -A INPUT -p tcp --dport 20000:30000 -j ACCEPT

# following felix: accept SMTP only from the local host and reject it from everyone else
iptables -A INPUT -p tcp -m tcp --dport 25 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 -j REJECT

# allow DNS
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT

# allow HTTP and HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# allow established and related connections through
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# reject everything that was not explicitly allowed above
iptables -A INPUT -j REJECT   # note: if port 22 was not added to the allow rules above, the SSH connection is cut off immediately
iptables -A FORWARD -j REJECT

# save the configuration
iptables-save > /etc/iptables
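Running the rules above one iptables command at a time leaves the host half-configured while the script runs, and the note on the final REJECT shows how easily a remote session gets locked out. The script below is an added example written for this article (it is not the article's own script and not part of Debian): it writes the same ruleset in iptables-restore format so the whole set is committed in one atomic load, runs a lockout guard that checks an ACCEPT for a given TCP port appears in INPUT before the catch-all REJECT/DROP, and then applies the file with an automatic rollback unless the operator confirms, which is the idea behind Debian's iptables-apply. The names RULES_FILE, ROLLBACK_SECS, write_ruleset, port_allowed_before_catchall and load_with_rollback are this example's own; iptables-save and iptables-restore are the real tools, and iptables-restore --test is assumed to be available. The ESTABLISHED,RELATED rule is placed at the top of INPUT instead of near the end, which does not change which new connections are accepted.

```shell
#!/bin/sh
# Added example for this article, not the article's or Debian's own script.
# Assumed names: RULES_FILE, ROLLBACK_SECS, write_ruleset,
# port_allowed_before_catchall, load_with_rollback.
# Real tools: iptables-save, iptables-restore (--test assumed available).
#
# Usage (as root, from the SSH session you want to keep):
#   write_ruleset > "$RULES_FILE" && load_with_rollback "$RULES_FILE"

RULES_FILE=${RULES_FILE:-/etc/iptables}     # same file the article saves to
ROLLBACK_SECS=${ROLLBACK_SECS:-60}

# The article's rules in iptables-restore format. A file load is atomic: all
# rules are committed together, so there is no moment with policy DROP and
# no allow rules yet. The state rule comes first so established flows do not
# walk the whole chain.
write_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 20 -j ACCEPT
-A INPUT -p tcp --dport 20000:30000 -j ACCEPT
-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j REJECT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

# Lockout guard for a rules file: returns 0 when an ACCEPT for TCP port $2
# appears in INPUT before the first catch-all "-A INPUT -j REJECT|DROP",
# 1 otherwise. Single ports only; ranges such as 20000:30000 are not parsed.
port_allowed_before_catchall() {
    awk -v port="$2" '
        /^-A INPUT / {
            if ($0 ~ ("--dport " port " ") && $0 ~ /-j ACCEPT$/) found = 1
            if ($0 ~ /^-A INPUT -j (REJECT|DROP)( |$)/) exit
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Apply a rules file with automatic rollback: snapshot the live rules, start
# a timer that restores the snapshot, load the new rules, and cancel the
# timer only when the operator confirms. If the new rules cut the session,
# the confirmation never arrives and the old rules return after ROLLBACK_SECS.
load_with_rollback() {
    file=$1
    if ! port_allowed_before_catchall "$file" 22; then
        echo "refusing to load $file: no SSH allow before the INPUT catch-all" >&2
        return 1
    fi
    iptables-restore --test < "$file" || return 1   # parse only, nothing committed
    snapshot=$(mktemp) || return 1
    iptables-save > "$snapshot" || return 1
    ( trap '' HUP; sleep "$ROLLBACK_SECS"; iptables-restore < "$snapshot" ) &
    timer=$!
    iptables-restore < "$file"
    echo "rules loaded; press Enter within ${ROLLBACK_SECS}s to keep them"
    if read -r _; then
        kill "$timer" 2>/dev/null
        rm -f "$snapshot"
        echo "new rules kept"
    else
        wait "$timer"                # stdin closed: let the rollback run
        rm -f "$snapshot"
        echo "no confirmation, previous rules restored" >&2
        return 1
    fi
}
```

The guard is deliberately simple: it only understands single --dport values and the plain catch-all forms, so it should be read as a last check against the most common mistake, not as a full rule analyser. Because the rollback timer runs in a background subshell that ignores SIGHUP, it survives even if the login shell is torn down along with the connection.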


Since Debian does not register iptables as a service after installation, a command such as service iptables start reports "unrecognized service"; to get one, add the following script under /etc/init.d/.

Save it as /etc/init.d/iptables and then run chmod +x /etc/init.d/iptables to make it executable. Note that this script reads and writes /etc/iptables.conf; if you saved your rules to /etc/iptables as in the steps above, set IPTABLES_CONFIG to that path so the two agree.


#!/bin/sh -e
### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: start and stop iptables firewall
# Description:       start, stop and save iptables firewall
### END INIT INFO

PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
IPTABLES=/sbin/iptables
IPTABLES_SAVE=/sbin/iptables-save
IPTABLES_RESTORE=/sbin/iptables-restore
IPTABLES_CONFIG=/etc/iptables.conf

# nothing to do if iptables is not installed
[ -x "$IPTABLES" ] || exit 0
. /lib/lsb/init-functions

case "$1" in
    start)
        log_action_begin_msg "Starting firewall"
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 120" || true
        if $IPTABLES_RESTORE < $IPTABLES_CONFIG; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 15" || true
        ;;

    stop)
        log_action_begin_msg "Saving current firewall configuration"
        if $IPTABLES_SAVE > $IPTABLES_CONFIG; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        log_action_begin_msg "Flushing all firewall rules from chains!"
        if $IPTABLES -F; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        log_action_begin_msg "Deleting all firewall chains [warning: accepting all port services!]"
        if $IPTABLES -X; then
            # -F and -X leave the chain policies untouched; reset them so
            # "stop" really means everything is accepted
            $IPTABLES -P INPUT ACCEPT
            $IPTABLES -P FORWARD ACCEPT
            $IPTABLES -P OUTPUT ACCEPT
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        ;;

    save)
        log_action_begin_msg "Saving current firewall configuration"
        if $IPTABLES_SAVE > $IPTABLES_CONFIG; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        ;;

    force-reload|restart)
        log_action_begin_msg "Reloading firewall configuration [warning: potential network insecurity during reload]"
        $IPTABLES -F
        $IPTABLES -X
        if $IPTABLES_RESTORE < $IPTABLES_CONFIG; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        ;;

    *)
        echo "Usage: /etc/init.d/iptables {start|stop|save|restart|force-reload}"
        exit 1
        ;;
esac

exit 0


