Install and configure the iptables firewall in the debian system

Source: Internet
Author: User
Debian does not enable a firewall by default. The steps below install iptables (sudo apt-get install iptables), view the current configuration (sudo iptables -L), and then configure iptables by first saving a basic rules file.

Step 1: run the following command to install iptables:
sudo apt-get install iptables

Step 2: view the current iptables configuration
You can use the following command to view it:
sudo iptables -L

Step 3: Configure iptables
To configure iptables, first save a basic iptables rules file, which is used for testing:
sudo vim /etc/iptables.test.rules
Enter the following rule content in this file; it is the basic configuration officially provided by Debian.
*filter
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9090 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allows SSH connections for script kiddies
# THE --dport number is the same one you set up in the SSHD_CONFIG file
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Now you should read up on iptables rules and consider whether ssh access
# for everyone is really desired. Most likely you will only allow access from certain IPs.
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Log iptables denied calls (access via 'dmesg' command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy:
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
Save this file and load the rules to make them take effect. Note that iptables does not need to be restarted, and once the rule is loaded, it becomes
sudo iptables-restore < /etc/iptables.test.rules
Then check the latest configuration; all settings should have taken effect:
sudo iptables -L

Step 4: Save the effective configuration so that it is automatically loaded when the system restarts.
iptables allows you to save the currently running rules:
iptables-save > /etc/iptables.up.rules
Note: if the current user is not root, you will be told that you do not have permission to write the file even when using sudo, because the > redirection is performed by your own (non-root) shell, not by iptables-save; therefore, run this command as the root user.
You can use sudo -i to switch quickly to the root account, and su username to switch back to the ordinary account when done.
To automatically load the rules after the server restarts, create the following file:
sudo vim /etc/network/if-pre-up.d/iptables
The content is as follows:
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules
Finally, make this file executable:
sudo chmod +x /etc/network/if-pre-up.d/iptables

Step 5: Others
If you want to allow an IP range to access all services, add
-A INPUT -m iprange --src-range 192.168.1.1-192.168.1.199 -j ACCEPT
and then load the rules again as in step 3. Note that iptables.test.rules is not required; it only lets you test the modification more safely.
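A rules file in this format is only checked when iptables-restore parses it, and a single garbled line (a lowercase chain name, a missing COMMIT) makes the whole load fail or, worse, leaves SSH open to everyone despite the comment in step 3 warning against that. The script below is an added example, not part of the original article or of Debian's own tooling: it writes a constructed rules file modelled on the one in step 3 (with the SSH rule narrowed to an assumed management network, ADMIN_NET, as the article's comments recommend), then checks the text before it is handed to iptables-restore: the *filter/COMMIT framing, built-in chain names, a catch-all REJECT or DROP at the end of INPUT, and a source restriction (-s or the --src-range from step 5) on every rule that opens port 22. The optional dry_run step uses iptables-restore --test, which only parses the ruleset and commits nothing; it is skipped when not running as root.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight checks for an
# iptables-restore rules file such as /etc/iptables.test.rules.
# ADMIN_NET and the sample ruleset are constructed values for illustration.

ADMIN_NET="192.168.1.0/24"   # assumption: the only network allowed to reach SSH

# write_sample_rules FILE - write a constructed ruleset modelled on the
# article's file, with SSH limited to ADMIN_NET.
write_sample_rules() {
    cat > "$1" <<EOF
*filter
# loopback: accept lo, reject anything claiming 127/8 that did not arrive on lo
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# replies to connections this host opened
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
# public web services
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# SSH only from the management network (assumed value)
-A INPUT -p tcp -m state --state NEW -s $ADMIN_NET --dport 22 -j ACCEPT
# ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log, then default deny
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
}

# check_rules FILE - text-only checks, no root needed. Prints each finding
# and returns 1 if any check fails, 0 otherwise.
check_rules() {
    f="$1"; rc=0
    # drop comment and blank lines once; every check works on $body
    body=$(grep -v '^#' "$f" | grep -v '^[[:space:]]*$')
    first=$(printf '%s\n' "$body" | head -n 1)
    last=$(printf '%s\n' "$body" | tail -n 1)
    [ "$first" = "*filter" ] || { echo "missing *filter header"; rc=1; }
    [ "$last" = "COMMIT" ]   || { echo "missing COMMIT footer"; rc=1; }

    # chain names are case-sensitive: "input" is not the built-in INPUT chain
    if printf '%s\n' "$body" | grep '^-A' | grep -Ev '^-A (INPUT|OUTPUT|FORWARD) ' >/dev/null; then
        echo "rule references a non built-in chain (use INPUT/OUTPUT/FORWARD)"; rc=1
    fi

    # the last INPUT rule must be the catch-all reject/drop
    last_input=$(printf '%s\n' "$body" | grep '^-A INPUT ' | tail -n 1)
    case "$last_input" in
        "-A INPUT -j REJECT"|"-A INPUT -j DROP") ;;
        *) echo "INPUT chain does not end with a catch-all REJECT/DROP"; rc=1 ;;
    esac

    # any rule opening port 22 must carry a source restriction
    if printf '%s\n' "$body" | grep -E -e '--dport 22( |$)' | grep -Ev -e '(-s |--src-range )' >/dev/null; then
        echo "SSH rule has no source restriction (-s or --src-range)"; rc=1
    fi
    return $rc
}

# dry_run FILE - parse-only load with iptables-restore --test; skipped
# (returns 0) unless running as root with iptables installed.
dry_run() {
    if [ "$(id -u)" = "0" ] && command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test < "$1"
    else
        echo "skipping iptables-restore --test (needs root and iptables)"
    fi
}

# usage: sh check-rules.sh /etc/iptables.test.rules
if [ $# -gt 0 ]; then
    check_rules "$1" && dry_run "$1" && echo "$1: ok"
fi
```

Run it against the file from step 3 before every iptables-restore; the article's own rule set, as printed there, passes the first three checks and fails only the SSH one, which is exactly the change its comments ask you to consider.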
