Setting up a firewall with IPtables
We touched upon iptables a little while discussing NAT, but now we're going to go a bit deeper into configuring a secure firewall for your network.
How to do it…
A properly configured firewall uses a default-deny policy with specific allows (a whitelist) for the traffic you want to accept:
    # iptables -A INPUT -i lo -j ACCEPT
    # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    # iptables -P INPUT DROP
    # iptables -P FORWARD DROP
    # iptables -P OUTPUT ACCEPT
    # iptables -A FORWARD -i eth0 -j ACCEPT
    # iptables -t nat -A POSTROUTING -o eth2 \
        -j MASQUERADE
    # iptables -A FORWARD -i eth2 -o eth0 -m \
        state --state RELATED,ESTABLISHED -j ...
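One way to check a saved ruleset against the default-deny layout above (an added example, not code from the book): the function reads `iptables-save` output and reports a default-allow policy, a missing loopback or ESTABLISHED rule, or a catch-all INPUT accept. The function and sample names are assumptions, and both sample rulesets are constructed.

```shell
# Added example. On a live host (as root): iptables-save | audit_ruleset
# Prints one finding per line; returns 0 only when the filter table has
# INPUT/FORWARD policy DROP plus the loopback and ESTABLISHED accepts.
audit_ruleset() {
    awk '
    /^\*/ { table = substr($1, 2); next }         # "*filter", "*nat"
    table != "filter" { next }
    /^:/ { policy[substr($1, 2)] = $2; next }     # ":INPUT DROP [0:0]"
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        if ($0 ~ / -i lo /) lo = 1
        else if ($0 ~ /ESTABLISHED/) est = 1
        else if ($0 !~ / --dports? /) { print "WARN broad INPUT accept: " $0; bad++ }
    }
    END {
        if (policy["INPUT"] != "DROP") { print "FAIL INPUT policy is " policy["INPUT"]; bad++ }
        if (policy["FORWARD"] != "DROP") { print "FAIL FORWARD policy is " policy["FORWARD"]; bad++ }
        if (!lo) { print "FAIL no loopback accept rule"; bad++ }
        if (!est) { print "FAIL no ESTABLISHED,RELATED accept rule"; bad++ }
        exit (bad > 0)
    }'
}
# Constructed sample: the filter table the recipe's commands would save as.
sample_recipe() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
COMMIT
EOF
}
# Constructed sample: default-allow INPUT, no state rule, catch-all accept.
sample_open() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j ACCEPT
COMMIT
EOF
}

sample_recipe | audit_ruleset && echo "recipe layout: ok"
sample_open | audit_ruleset || echo "open layout: findings above"
```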