Iptables: Difference between revisions
From James's Wiki
No edit summary |
No edit summary |
||
| Line 10: | Line 10: | ||
allow ssh: | allow ssh: | ||
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | ||
sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT | sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT | ||
delete by number: | delete by number: | ||
sudo iptables -L --line-numbers | sudo iptables -L --line-numbers | ||
sudo iptables -D INPUT 3 | |||
set overall policies: | |||
iptables --policy INPUT ACCEPT | |||
iptables -P FORWARD DROP | |||
iptables -P OUTPUT ACCEPT | |||
references: | references: | ||
https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands | https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands | ||
Revision as of 04:16, 25 February 2018
to save firewall rules use:
sudo dpkg-reconfigure iptables-persistent
or (stretch):
sudo dpkg-reconfigure iptables-persistent
allow ssh:
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
delete by number:
sudo iptables -L --line-numbers sudo iptables -D INPUT 3
set overall policies:
iptables --policy INPUT ACCEPT iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT
references:
