
Linux | Wytze on 20 Jan 2010 02:21 pm

Basic iptables configuration

Here is a small, basic example showing how to set up iptables on a single host.

First we reset the filter table: -F flushes the rules out of every chain, -Z zeroes the packet and byte counters, and -X deletes the user-defined chains (a chain can only be deleted once it is empty and no longer referenced, which is why -F comes first). None of these touch the default policies. See the man page for the exact details of the parameters we use.

iptables -F
iptables -Z
iptables -X

Create some chains that will provide us with some logging.

iptables -N logdrop
iptables -N logreject
iptables -N logaccept

Add the rules to these chains. Each chain first logs the packet with a prefix you can grep for and then gives its verdict. REJECT answers the sender with an ICMP port-unreachable by default; a rule restricted to -p tcp can use --reject-with tcp-reset instead.

iptables -A logdrop -j LOG --log-prefix 'DROP: ' --log-level warning
iptables -A logdrop -j DROP
iptables -A logreject -j LOG --log-prefix 'REJECT: ' --log-level warning
iptables -A logreject -j REJECT
iptables -A logaccept -j LOG --log-prefix 'ACCEPT: ' --log-level warning
iptables -A logaccept -j ACCEPT

Now you have the logging chains in place. The next step is to add your actual rules to the built-in chains and jump to the corresponding logging chain on a match.
In the example below the default policy of INPUT, FORWARD and OUTPUT is left at ACCEPT and the last rule in INPUT is an unconditional jump to logdrop, so any packet that matched none of the earlier rules is logged and dropped. OUTPUT gets no rules at all, which is usual for a single host.
Keep in mind what that means: the catch-all rule, not the policy, is doing the dropping, so if the rules are ever flushed (the -F at the top of this script does exactly that) the host accepts everything until the rules are back. Setting the policy to DROP instead closes that window, but then a flush or a script that aborts halfway through locks you out of a remote box, so apply changes atomically or keep a console session open while you test. Also note that the LOG rules above log every packet that reaches them; on an exposed host put a -m limit match in front of them so a flood cannot fill your logs.

Small example:

# loopback, and replies to connections we already know about
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# new connections to the services this host offers
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j logaccept
iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j logaccept
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j logaccept
# everything else that reached INPUT is logged and dropped
iptables -A INPUT -j logdrop

# this host does not route: reject anything it is asked to forward
iptables -A FORWARD -j logreject
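Putting the pieces together, here is the same setup as one script, written for this page as an added example rather than taken from the post. It emits the ruleset in iptables-restore(8) format, which loads the whole filter table in one atomic step instead of one command at a time, and runs a small linter over it first. The linter catches the kind of slip that is easy to make when copying the chain definitions: rules appended after an unconditional DROP/REJECT/ACCEPT that can never be reached, and a user chain that stays empty so a jump to it falls straight back to the caller. The rate limits, the INVALID drop, the use of -m conntrack (the current form of -m state) and the second, deliberately broken ruleset are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the original post. Emits the corrected
# ruleset in iptables-restore(8) format and lints it before it is loaded.
# Ports, rate limits, the INVALID drop and -m conntrack are this example's choices.

# The complete ruleset. Comment lines are accepted by iptables-restore.
ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:logdrop - [0:0]
:logreject - [0:0]
:logaccept - [0:0]
# rate-limit the noisy verdicts so a flood cannot fill the log
-A logdrop -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "DROP: " --log-level warning
-A logdrop -j DROP
-A logreject -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "REJECT: " --log-level warning
-A logreject -j REJECT
# only NEW connections are sent here, so this logs once per connection
-A logaccept -j LOG --log-prefix "ACCEPT: " --log-level warning
-A logaccept -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j logdrop
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j logaccept
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j logaccept
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j logaccept
-A INPUT -j logdrop
-A FORWARD -j logreject
COMMIT
EOF
}

# Constructed broken variant: the REJECT rules were pasted into logdrop
# instead of logreject, so logreject stays empty. Shows what the linter reports.
buggy_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:logdrop - [0:0]
:logreject - [0:0]
:logaccept - [0:0]
-A logdrop -j LOG --log-prefix "DROP: " --log-level warning
-A logdrop -j DROP
-A logdrop -j LOG --log-prefix "REJECT: " --log-level warning
-A logdrop -j REJECT
-A logaccept -j LOG --log-prefix "ACCEPT: " --log-level warning
-A logaccept -j ACCEPT
-A FORWARD -j logreject
COMMIT
EOF
}

# Read a ruleset in restore format on stdin, print one line per problem,
# exit 1 if anything was found: jumps to undeclared chains, rules after an
# unconditional verdict (never reached), user chains left empty.
lint_ruleset() {
  awk '
  BEGIN {
    split("ACCEPT DROP REJECT LOG RETURN", t, " ")
    for (i in t) builtin[t[i]] = 1
    terminal["ACCEPT"] = 1; terminal["DROP"] = 1; terminal["REJECT"] = 1
    errors = 0
  }
  /^:/ {                            # ":name policy [pkts:bytes]"
    name = substr($1, 2); declared[name] = 1
    if ($2 == "-") user[name] = 1   # "-" marks a user-defined chain
    next
  }
  /^-A / {                          # "-A chain [matches] -j target [opts]"
    chain = $2; rules[chain]++
    if (!(chain in declared)) { print "line " NR ": append to undeclared chain " chain; errors++ }
    target = ""
    for (i = 3; i <= NF; i++) if ($i == "-j") { target = $(i + 1); break }
    if (target == "") { print "line " NR ": rule has no -j target"; errors++; next }
    if (!(target in builtin) && !(target in declared)) { print "line " NR ": jump to undefined chain " target; errors++ }
    if (chain in closed) { print "line " NR ": rule in " chain " is unreachable (follows an unconditional verdict)"; errors++ }
    # a match-less rule whose target always gives a verdict (a terminal target,
    # or a chain that is itself closed) means nothing appended later is reached
    if ($3 == "-j" && (target in terminal || target in closed)) closed[chain] = 1
    next
  }
  END {
    for (c in user) if (!(c in rules)) { print "chain " c " is empty: jumps to it fall through to the caller"; errors++ }
    if (errors) exit 1
  }'
}

# Lint, then load as root. iptables-restore replaces the table in one step,
# so the host never runs with a half-built ruleset.
apply_ruleset() {
  ruleset | lint_ruleset || return 1
  ruleset | iptables-restore
}

ruleset | lint_ruleset && echo "corrected ruleset: no problems found"
buggy_ruleset | lint_ruleset || echo "broken chain definitions: rejected"
```

Run as an ordinary user it only lints and prints; as root, apply_ruleset loads the table (iptables-restore --test parses the ruleset without committing it, if you want a syntax check first). The linter understands the restore format and -A rules with a -j target, which is all a ruleset like this one uses; because it treats a jump to a chain that itself ends in an unconditional verdict as a verdict too, anything appended after -A INPUT -j logdrop would be flagged as unreachable as well.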

