![]() ![]() Make it executable: chmod +x /etc/network/if-pre-up.Bpf-iptables is an eBPF and XDP based firewall, providing same iptables syntax. sbin/iptables-restore < /etc/iptables.up.conf To start iptables on boot, create this file: nano /etc/network/if-pre-up.d/iptables Happy? Save it for real (this and the previous file names are arbitrary, you can pick a different path): iptables-save > /etc/iptables.up.confįor the firewall to be useful, it should always run on boot. Use iptables -L -n to get a 'normal' view without translated port numbers. ![]() Note how known ports such as 80 are shown as http, 443 as https, etc. Save the rules to a test file: sudo iptables-save > /etc/ When done adding rules, check the list in iptables: sudo iptables -L Optionally, allow ping: sudo iptables -A INPUT -p icmp -m icmp -icmp-type 8 -j ACCEPTīlock inbound traffic that is not allowed by any of your rules: sudo iptables -P INPUT DROP Sudo iptables -A INPUT -p tcp -dport 22 -m state -state NEW -j ACCEPTĪdd a line for each port you wish to open, change the port number or tcp/udp where needed. sudo iptables -A INPUT -p tcp -dport 80 -m state -state NEW -j ACCEPT 80 for http, for example, or SSH (default 22). Open a port that you want to be accessible from the outside. Like this:Īllow connections that are, well, ok: sudo iptables -A INPUT -j ACCEPT -m state -state ESTABLISHED,RELATED Install it the regular way: sudo apt-get install iptables
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |