Enabling IP Tables
Configuration
First, list the rules that are currently loaded by entering
iptables -L
in the command line (every command here needs root, so prefix it with sudo if you are not root). Next enter
iptables -P INPUT ACCEPT
This sets the default policy of the INPUT chain to ACCEPT, so that flushing the rules in the next step cannot cut off your own session. After the policy has been set, flush all existing rules with the command
iptables -F
After flushing the rules, delete any user-defined chains so nothing is left over. This is done by entering the command:
iptables -X
Note that -F and -X without -t only act on the filter table; pass -t nat or -t mangle to clear those tables as well. Now that iptables is back to an empty rule set with an ACCEPT policy, we will begin setting up our new rules.
Enter
man iptables
into the command line for an overview of the options available in iptables. The steps below use sudo; drop it if you are already root.
- First, accept all traffic on the loopback interface. Target names are case-sensitive, so the target must be ACCEPT, not Accept:
sudo iptables -A INPUT -i lo -j ACCEPT
This allows local processes to talk to each other over 127.0.0.1, which many services depend on.
- Next, allow DNS answers, that is UDP packets from source port 53 to an ephemeral destination port:
sudo iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
Because the OUTPUT chain keeps its default ACCEPT policy, queries leave freely and this rule lets the replies back in. It trusts any packet with source port 53, so a stateful rule (-m conntrack --ctstate ESTABLISHED,RELATED) is the stricter choice.
- Next, whitelist your internal IP address by entering it in place of the placeholder (/32 matches exactly that one host):
sudo iptables -A INPUT -s (Internal IP Address/32) -j ACCEPT
This is the rule that keeps your own remote session alive once the DROP policy is set below, so make sure it is the address you actually administer from.
- Next, make the server see incoming pings without answering them. The protocol flag is lowercase -p (uppercase -P sets a chain policy), and the packet to drop is the outgoing echo-reply:
sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
Dropping echo-request in OUTPUT would instead stop this host from pinging anyone else. With this rule, pings that reach the host can still be logged or captured, which helps when troubleshooting, but the host stays silent to ping sweeps. Keep in mind that once the INPUT policy below is DROP, only pings from the whitelisted address get as far as the host at all.
- Finally, set the INPUT default policy to DROP, which drops everything not accepted by a rule above:
sudo iptables -P INPUT DROP
Do this last: if the policy is set before the ACCEPT rules exist, a remote session is cut off immediately. Also note that no rule above accepts return traffic for outbound TCP connections, so tools such as apt or curl will fail until a conntrack ESTABLISHED,RELATED rule is added.
- Then enter
sudo iptables -L
to list all rules currently on the device (-L -n -v adds packet counters and skips reverse DNS lookups). Rules live only in kernel memory, so save them with iptables-save, or your distribution's iptables-persistent package, if they are to survive a reboot.
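The same rule set, as an added example that is not part of the original page, written as an iptables-restore file instead of a series of iptables -A commands. iptables-restore loads the whole table in one transaction, so the DROP policy and the ACCEPT rules take effect together and there is no window in which a remote session can be dropped. The script also lints the set before loading it, refusing one that leaves no INPUT ACCEPT rule besides loopback. Assumptions not taken from the page: 10.0.0.5 is a constructed management address, and the conntrack ESTABLISHED,RELATED rule is an addition covering return traffic.

```shell
#!/bin/sh
# Added example, not code from the original page: the page's rule set written as
# an iptables-restore file so it loads atomically, with a lint step that refuses
# a set that would lock out remote administration. Assumptions that are not on
# the page: 10.0.0.5 is a constructed management address, and the conntrack
# rule is an addition (the page has no rule for return traffic).

# build_ruleset ADMIN_IP: print the filter table in iptables-restore syntax.
# The DROP policy is declared up front, but iptables-restore commits policy and
# rules together, so there is no moment with the policy set and the rules absent.
build_ruleset() {
    admin_ip="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# loopback; target names are case-sensitive (ACCEPT, never Accept)
-A INPUT -i lo -j ACCEPT
# return traffic for connections this host opened (added, not on the page);
# without it the DROP policy also drops replies to outbound TCP sessions
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS answers: UDP from source port 53 to an ephemeral port
-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
# the internal management address, /32 = exactly one host
-A INPUT -s ${admin_ip}/32 -j ACCEPT
# see incoming pings but never answer: drop the outgoing echo-reply
# (dropping echo-request on OUTPUT would only stop this host pinging others)
-A OUTPUT -p icmp --icmp-type echo-reply -j DROP
COMMIT
EOF
}

# lint_ruleset (reads the rule set on stdin): returns 0 only if the set has a
# DROP policy on INPUT, accepts loopback, and has at least one other INPUT
# ACCEPT rule, i.e. some path is left open for administration.
lint_ruleset() {
    rs="$(cat)"
    status=0
    printf '%s\n' "$rs" | grep -q '^:INPUT DROP' \
        || { echo "lint: INPUT policy is not DROP" >&2; status=1; }
    printf '%s\n' "$rs" | grep -q -- '^-A INPUT -i lo -j ACCEPT' \
        || { echo "lint: loopback traffic is not accepted" >&2; status=1; }
    accepts=$(printf '%s\n' "$rs" | grep -c -- '^-A INPUT .* -j ACCEPT' || true)
    [ "$accepts" -ge 2 ] \
        || { echo "lint: no INPUT ACCEPT besides loopback; remote admin would be locked out" >&2; status=1; }
    return "$status"
}

# apply_ruleset ADMIN_IP: lint, then load atomically. Needs root (CAP_NET_ADMIN)
# and replaces the whole filter table in one transaction.
apply_ruleset() {
    rs="$(build_ruleset "$1")"
    printf '%s\n' "$rs" | lint_ruleset || return 1
    printf '%s\n' "$rs" | iptables-restore
}

# Usage: sh firewall.sh --print [ADMIN_IP]  to review the set,
#        sh firewall.sh --apply ADMIN_IP    to load it (as root).
case "${1:-}" in
    --print) build_ruleset "${2:-10.0.0.5}" ;;
    --apply) apply_ruleset "$2" ;;
esac
```

Run it with --print first and compare the output with iptables-save from a known-good host; only then load it with --apply from a console or from the whitelisted address, since any mistake in the management address is a lockout. To check the loaded state afterwards, iptables -S prints the rules in the same syntax as the file.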
Final Thoughts
This setup is a simplified version. iptables evaluates the rules in a chain from top to bottom and the first match wins, so the order in which rules are added, and the point at which the DROP policy is set, decides what gets through; more complex setups are built by controlling that order, for example with -I to insert a rule at a given position or with user-defined chains.