This article provides some basic information on setting up iptables on Linux-based computers.
Most Linux distributions ship with iptables as their firewall tool.
Many of them now use other firewall front ends, such as firewalld or ufw, but iptables itself should still be present on the system.
You will need sudo or root privileges on the machine to run iptables.
You should also have console access to the machine in case a mistaken firewall rule locks you out over the network.
Here is a basic iptables baseline config you may wish to use:
This file is just a simple baseline that will do the following:
- Keep the current connections that have been established.
- Allow machines on campus to ping/traceroute the machine.
- Allow SSH connections to the machine.
- Allow the machine to talk to itself with regards to its own applications.
- Drop any connections that don't fall under the above conditions.
You can add lines to this file if you need to restrict or open up access to the computer.
Once you are sure about what you want the firewall to do, you can load the firewall config by using the following command:
This should load the firewall configuration.
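As an added example (not the article's own config file), the following shell script emits the baseline described above in iptables-restore format and loads it. The function names, the 192.0.2.0/24 placeholder network and the choice to restrict SSH by source are assumptions, not values from the article.

```shell
#!/bin/sh
# baseline_rules NET [SSH_NET]
#   NET     - source network allowed to ping/traceroute this host
#   SSH_NET - source network allowed to SSH in (default: anywhere, as in the
#             article's bullet list; pass your campus range to restrict it)
# The 192.0.2.0/24 default is a documentation placeholder, not a real campus range.
baseline_rules() {
    campus="${1:-192.0.2.0/24}"
    ssh_src="${2:-0.0.0.0/0}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# keep connections that are already established (and related ICMP errors)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# let campus machines ping the host and reach the UDP ports traceroute probes
-A INPUT -s ${campus} -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -s ${campus} -p udp --dport 33434:33534 -j ACCEPT
# allow new SSH connections from the chosen source network
-A INPUT -s ${ssh_src} -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# let the machine talk to itself over the loopback interface
-A INPUT -i lo -j ACCEPT
# anything that did not match above is dropped by the INPUT chain policy
COMMIT
EOF
}

# Load the generated ruleset (needs root). The --test pass only parses the
# rules, so a typo is caught before the running firewall is replaced.
load_rules() {
    baseline_rules "$@" | sudo iptables-restore --test || return 1
    baseline_rules "$@" | sudo iptables-restore
}
```

Run `baseline_rules 198.51.100.0/24 | sudo iptables-restore` (or `load_rules <net>`) from a console session, not over SSH, the first time you apply it.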
Checking the configuration
You can check the firewall configuration by typing:
What you should see is:
If you need to clear out the firewall settings completely, you can do it with this command:
This will flush out all the rules and leave the system without a firewall.
Source Networks to take into account...
In most cases you will want to restrict which computers can connect to the machine; this is the source of the connection.
In some cases, you may want to restrict access to the following Networks:
UCSB Campus Network
The UCSB Campus Network is 220.127.116.11/16; this covers most computers on the wired network, including those using the Campus VPN.
UCSB Wireless Network
The UCSB Campus Wireless Network uses
Or you can use 18.104.22.168/16.
UCSB ResNet also resides within the 22.214.171.124/16 subnet.
Here are a few links if you want more information on iptables:
- Man Page for iptables - http://ipset.netfilter.org/iptables.man.html
- Digital Ocean's How-to on iptables - https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules
- Digital Ocean's Essential IPTable Commands - https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands
- nixCraft's 25 iptables netfilter firewall examples - https://www.cyberciti.biz/tips/linux-iptables-examples.html