Getting started with iptables in Linux

Valic — June 2, 2010

Linux machines are known to be pretty secure.

Linux has been designed with security in mind. Yet, despite all the security features that come bundled with a Linux installation, you need to configure these features correctly to make them work for you. I’ll guide you through the process of setting up one of the tools that help secure your machine – the firewall. We will use the iptables firewall for this exercise. I am assuming that you are using a server running Red Hat Enterprise Linux 4 or similar. However, most of the steps should work fine on other Linux distributions as well. In this article we will set up a firewall on a Linux server running the Apache Web Server, FTP, and SSH.

Let us first see what ports these applications use and which of them need to have a port open on the firewall.

The Apache web server runs on port 80 by default. Apache is going to serve all our web content on this port, therefore we need to keep this port open on the firewall. The SSH service runs on port 22. We need to be able to remotely connect to our server to work, so we keep it open. FTP runs on port 21 and it too needs the port to be open to communication.

Next, make sure you have iptables installed. Run this command as the root user:

apt-cache policy iptables

If you have iptables installed the system should give you the version of iptables you have installed. If you don’t, you can install and start it with the following:

apt-get install iptables

/etc/init.d/iptables start

To check what kind of configuration iptables is currently running with:

iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

This command will list all the firewall rules that are currently set. I will proceed with the assumption that you do not have any firewall rules in your iptables configuration. Let’s now configure the firewall to allow open communication on port 80 for your web server, port 22 for SSH, and port 21 for FTP. We’ll also make sure that we block communication to any port other than those specified.

Here’s a firewall configuration script. Create a new file and call it iptable-firewall.sh. Copy the following text into it:

#!/bin/sh

ANY="0/0"
OPEN_PORTS="21 22 80"

# Default policies: accept everything, then block explicitly below
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Flush (-F) all specific rules
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT

# Accept new TCP connections (--syn) to the open ports on both interfaces
for port in $OPEN_PORTS
do
    iptables -A INPUT -i eth0 -p tcp -s $ANY -d $ANY --destination-port $port --syn -j ACCEPT
    iptables -A INPUT -i eth1 -p tcp -s $ANY -d $ANY --destination-port $port --syn -j ACCEPT
done

# Allow ICMP (ping etc.) on eth1
iptables -A INPUT -i eth1 -p icmp -s $ANY -d $ANY -j ACCEPT

# Allow any related/established connections
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Kill everything else arriving on eth0/eth1
iptables -A INPUT -i eth0 -j DROP
iptables -A INPUT -i eth1 -j DROP

# Write the rules out so they are restored at boot
iptables-save > /etc/sysconfig/iptables

Now save the above file, grant it executable permissions and then run it. Note that the script names the interfaces eth0 and eth1; adjust these to the interfaces on your server, because packets arriving on any other interface are not matched by the DROP rules and fall through to the ACCEPT policy:

chmod +x iptable-firewall.sh

./iptable-firewall.sh

Now check your firewall rules:

iptables -L
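As an added example (my own code, not the article’s script), here is a variant of the same ruleset that uses a default-DROP policy instead of per-interface DROP rules, so it does not depend on the interface names eth0/eth1, and that explicitly allows loopback, which a DROP policy would otherwise cut off. The gen_ruleset function writes the rules in iptables-restore format rather than running iptables directly, and port_allowed checks an iptables-save dump for an accept rule on a given port; both only read and write text, so they can be tried without root and without touching the live firewall. The function names and the file names in the usage comment are assumptions of this example. FTP data connections only match the RELATED state when the FTP connection-tracking helper (ip_conntrack_ftp or nf_conntrack_ftp, depending on kernel version) is loaded.

```shell
#!/bin/sh
# Added example, not the article's script: emit a default-deny INPUT
# ruleset in iptables-restore format for the given TCP ports, plus a
# checker that reads an iptables-save dump. Both only write and read
# text, so they run without root and without changing the live firewall.

# gen_ruleset PORT...  - print the ruleset to stdout
gen_ruleset() {
    printf '%s\n' '*filter'
    # Default policies: drop inbound and forwarded packets unless a rule
    # below accepts them; outbound traffic stays open.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # With a DROP policy, loopback has to be accepted explicitly or local
    # services (e.g. a database behind the web server) stop working.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened, and related traffic such
    # as FTP data connections (needs the FTP conntrack helper loaded).
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Packets that do not belong to any tracked connection
    printf '%s\n' '-A INPUT -m state --state INVALID -j DROP'
    # New TCP connections (--syn) to each requested port, on any interface
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port --syn -j ACCEPT"
    done
    # Keep the host pingable; unrelated ICMP falls through to the DROP policy
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    printf '%s\n' 'COMMIT'
}

# port_allowed PORT FILE - succeed if FILE (iptables-save output) has an
# INPUT rule that accepts TCP traffic to exactly PORT
port_allowed() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $1( |$).*-j ACCEPT" "$2"
}

# Usage (file names are just examples):
#   sh gen-firewall.sh 21 22 80 > rules.v4
#   iptables-restore < rules.v4            (as root)
#   iptables-save > current.txt && port_allowed 22 current.txt
if [ $# -gt 0 ]; then
    gen_ruleset "$@"
fi
```

Because the policy is DROP, apply the generated file from the console (or with a scheduled rollback) the first time, since a typo in the port list locks out SSH as well. Rule order matters: the ESTABLISHED,RELATED rule comes before the port rules so that reply packets for every connection are accepted without being re-evaluated against the whole list.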

Valic, Editor in Chief at Debian-Tutorials, Linux enthusiast.