How To Create Firewall Rules In Linux Commands
Post Description: Creating firewall rules is complex, but you can start with the iptables command. You can probably begin with the -L option.
Tags: how, to, create, firewall, rules, in, linux, commands
This Post Was Posted On Feb 28, 2010 By Hostman #3212
How To Create Firewall Rules In Linux Commands by Hostman
iptables -L -t filter
you might get an output that looks like this:
Chain INPUT (policy DROP)
target     prot opt source                    destination
DROP       tcp  --  anywhere                  127.0.0.0/8
ACCEPT     all  --  anywhere                  anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere                  anywhere
DROP       all  --  base-address.mcast.net/4  anywhere
PUB_IN     all  --  anywhere                  anywhere
PUB_IN     all  --  anywhere                  anywhere
PUB_IN     all  --  anywhere                  anywhere
PUB_IN     all  --  anywhere                  anywhere
DROP       all  --  anywhere                  anywhere

Chain FORWARD (policy DROP)
target     prot opt source                    destination
ACCEPT     all  --  anywhere                  anywhere             state RELATED,ESTABLISHED
DROP       all  --  anywhere                  anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source                    destination
PUB_OUT    all  --  anywhere                  anywhere
PUB_OUT    all  --  anywhere                  anywhere
PUB_OUT    all  --  anywhere                  anywhere
PUB_OUT    all  --  anywhere                  anywhere

Chain INT_IN (0 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere
DROP       all  --  anywhere                  anywhere

Chain INT_OUT (0 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere
ACCEPT     all  --  anywhere                  anywhere

Chain PAROLE (10 references)
target     prot opt source                    destination
ACCEPT     all  --  anywhere                  anywhere

Chain PUB_IN (4 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere                  anywhere             icmp echo-reply
ACCEPT     icmp --  anywhere                  anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere                  anywhere             icmp echo-request
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:ftp
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:ssh
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:smtp
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:domain
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:http
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:hosts2-ns
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:pop3
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:imap
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:https
PAROLE     tcp  --  anywhere                  anywhere             tcp dpt:ndmp
ACCEPT     udp  --  anywhere                  anywhere             udp dpt:domain
DROP       icmp --  anywhere                  anywhere
DROP       all  --  anywhere                  anywhere

Chain PUB_OUT (4 references)
target     prot opt source                    destination
ACCEPT     all  --  anywhere                  anywhere
You can use the -P option to set the default policy of a built-in chain. For example, flush the FORWARD chain and then set its default policy to DROP:
SHELL COMMAND:
iptables -t filter -F FORWARD
SHELL COMMAND:
iptables -t filter -P FORWARD DROP
NOTE: the uppercase -P sets a chain policy; the lowercase -p (--protocol) option lets you specify the low-level protocol a rule matches, such as tcp, udp or icmp.
-F, --flush [chain]
Flush the selected chain (all the chains in the table if none is given). This is
equivalent to deleting all the rules one by one.
-Z, --zero [chain]
Zero the packet and byte counters in all chains. It is legal to specify the -L,
--list (list) option as well, to see the counters immediately before they are
cleared. (See above.)
-N, --new-chain chain
Create a new user-defined chain by the given name. There must be no target of that
name already.
-X, --delete-chain [chain]
Delete the optional user-defined chain specified. There must be no references to the
chain. If there are, you must delete or replace the referring rules before the chain
can be deleted. The chain must be empty, i.e. not contain any rules. If no argument
is given, it will attempt to delete every non-builtin chain in the table.
-P, --policy chain target
Set the policy for the chain to the given target. See the section TARGETS for the
legal targets. Only built-in (non-user-defined) chains can have policies, and
neither built-in nor user-defined chains can be policy targets.
-E, --rename-chain old-chain new-chain
Rename the user specified chain to the user supplied name. This is cosmetic, and has
no effect on the structure of the table.
-h Help. Give a (currently very brief) description of the command syntax.
For example, you can combine several match options in one rule to filter on multiple criteria. In a default/deny configuration you can open traffic to TCP port 445 from the 192.168.1.0/24 network with a single command:
SHELL COMMAND:
iptables -A INPUT -p tcp --dport 445 -s 192.168.1.0/24 -j ACCEPT
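A default-deny ruleset in the style of the commands above, as an added example that is not from the original post: this hypothetical POSIX sh script generates an iptables-restore file from a constructed allowlist, validates each entry before turning it into a rule, and opens TCP 445 from 192.168.1.0/24 alongside the RELATED,ESTABLISHED rule seen in the listing. The allowlist contents, the helper names and the conntrack match are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post: build a default-deny filter
# table in iptables-restore format from a small allowlist, so the whole
# ruleset is loaded atomically instead of appending rules with -A one by one.
# The allowlist entries are constructed sample data: "proto port source_cidr".
ALLOWLIST='tcp 22 192.168.1.0/24
tcp 445 192.168.1.0/24
udp 53 192.168.1.0/24'

# Reject entries that would silently produce an invalid or over-broad rule:
# unknown protocol, non-numeric or out-of-range port, or a source address
# without an explicit prefix length.
valid_entry() {
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || return 1
    case "$3" in */*) ;; *) return 1 ;; esac
}

# Print the ruleset. Policies are DROP for INPUT and FORWARD; loopback and
# reply traffic are accepted first, then one ACCEPT per valid allowlist entry.
build_ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    printf '%s\n' "$1" | while read -r proto port src; do
        [ -n "$proto" ] || continue
        if valid_entry "$proto" "$port" "$src"; then
            printf '%s -p %s --dport %s -s %s -j ACCEPT\n' '-A INPUT' "$proto" "$port" "$src"
        else
            printf 'skipping invalid allowlist entry: %s %s %s\n' "$proto" "$port" "$src" >&2
        fi
    done
    printf '%s\n' 'COMMIT'
}

# Number of ACCEPT rules opened for a destination port; 0 means it stays closed.
count_open() {
    build_ruleset "$1" | grep -c -- "--dport $2 " || true
}

# Usage: build_ruleset "$ALLOWLIST" > rules.v4 && iptables-restore < rules.v4
build_ruleset "$ALLOWLIST"
```

Loading the generated file with iptables-restore replaces the filter table in one step, so a half-applied ruleset is never live; review the generated text before loading it.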
©2011 Webune Forums - Mon Dec 19, 2011 2:54 am
Powered by: Webune Forums V3