Basic iptables configuration
Here is a small, basic example to get you started with iptables.
First we reset everything. See the man page for exact details on the parameters we use.
iptables -F
iptables -Z
iptables -X
Create some chains that will provide us with some logging.
iptables -N logdrop
iptables -N logreject
iptables -N logaccept
Add some rules to these chains.
iptables -A logdrop -j LOG --log-prefix 'DROP: ' --log-level warning
iptables -A logdrop -j DROP
iptables -A logreject -j LOG --log-prefix 'REJECT: ' --log-level warning
iptables -A logreject -j REJECT
iptables -A logaccept -j LOG --log-prefix 'ACCEPT: ' --log-level warning
iptables -A logaccept -j ACCEPT
Now you have a basic setup with some logging.
The next step will be to apply your rules and jump to the corresponding chain on a positive match.
You could set the default policies for the INPUT, FORWARD and OUTPUT chains to ACCEPT and add a jump to logdrop as the last rule of each chain, so that any packet matching none of the earlier rules is logged and dropped.
Small example:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j logaccept
iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j logaccept
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j logaccept
iptables -A INPUT -j logdrop
iptables -A FORWARD -j logreject
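Once the logging chains are in place, the useful part is reading what they write to the kernel log. The script below is an added example, not from the original article: it summarises LOG-target lines by --log-prefix, source address, protocol and destination port. The log lines it contains are constructed, and the function names fw_log_summary and fw_log_count are chosen here.

```shell
#!/bin/sh
# Summarise what the logdrop/logreject/logaccept chains wrote to the kernel log.
# Constructed syslog lines in the shape the iptables LOG target emits (not captured traffic).
SAMPLE_LOG='Jan 12 10:11:12 fw kernel: [ 811.10] DROP: IN=eth0 OUT= MAC=aa:bb SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:11:13 fw kernel: [ 812.20] DROP: IN=eth0 OUT= MAC=aa:bb SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51235 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:11:14 fw kernel: [ 813.30] DROP: IN=eth0 OUT= MAC=aa:bb SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51236 DPT=3389 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:11:15 fw kernel: [ 814.40] DROP: IN=eth0 OUT= MAC=aa:bb SRC=198.51.100.77 DST=198.51.100.2 LEN=78 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=UDP SPT=40000 DPT=161 LEN=58
Jan 12 10:11:16 fw kernel: [ 815.50] DROP: IN=eth0 OUT= MAC=aa:bb SRC=203.0.113.9 DST=198.51.100.2 LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jan 12 10:11:17 fw kernel: [ 816.60] ACCEPT: IN=eth0 OUT= MAC=aa:bb SRC=192.0.2.10 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=50001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:11:18 fw kernel: [ 817.70] REJECT: IN=eth1 OUT=eth0 MAC=aa:bb SRC=10.0.0.5 DST=203.0.113.40 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=43210 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0'

# fw_log_summary PREFIX  (log on stdin)
# Prints "<count> <SRC> <PROTO> <DPT>" per distinct tuple, most frequent first.
# PREFIX is the text given to --log-prefix without the trailing ": ", e.g. DROP.
fw_log_summary() {
  awk -v want="$1" '
    # The LOG target prints the prefix immediately before "IN=", so match on that.
    index($0, " " want ": IN=") == 0 { next }
    {
      src = "?"; proto = "?"; dpt = "-"    # ICMP lines carry no DPT
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      n[src " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# fw_log_count PREFIX  (log on stdin): number of packets logged with that prefix.
fw_log_count() {
  grep -c " $1: IN="
}

# Demo: what the logdrop chain saw in the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | fw_log_summary DROP
```

Against a live system, feed it with `journalctl -k | fw_log_summary DROP` or `fw_log_summary DROP < /var/log/kern.log`.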
Good article, thanks!