Iptables

From MEPIS Documentation Wiki


Iptables is a command line program used to configure the Linux kernel packet filtering ruleset. It is targeted towards system administrators.

Example of firewall configuration using iptables

First you need to make sure that Guarddog doesn't start automatically; to do that, remove the guarddog entries from the runlevels.

#!/bin/sh
# Flush previous iptables rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Drop all packets by default, allow only the ones specified explicitly
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Accept traffic to and from the local (loopback) interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow Established and Related connections to pass through (inbound)
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow ICMP
iptables -A OUTPUT -p ICMP -j ACCEPT

# Allow DNS
iptables -A OUTPUT -p UDP --dport 53 -j ACCEPT

# Allow SMTP, POP, IMAP, Gmail, Yahoo IM, Freenode, MSN, Gtalk, Ktorrent
iptables -A OUTPUT -p TCP --dport 25 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 110 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 143 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 587 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 5050 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 6667 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 1863 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 5222 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 6881 -j ACCEPT

# Allow browsing HTTP and HTTPS
iptables -A OUTPUT -p TCP --dport 80 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 443 -j ACCEPT

# Allow FTP
iptables -A OUTPUT -p TCP --dport 20 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 21 -j ACCEPT

# Allow Related and Established packets to pass through (outbound)
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

These rules are lost at every reboot. To make the changes permanent, put the commands in an executable script and arrange for that script to be run at boot time.
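The same default-deny ruleset can be kept in the file format that iptables-restore reads, which loads the whole table in one atomic step (no window in which the DROP policies are in place but the ACCEPT rules are not yet added, as happens while the command-by-command script above runs). The script below is an added example, not from the MEPIS wiki; the port list is copied from the page, the output path is whatever you pass in, and `-m conntrack --ctstate` is the current name of the `-m state --state` match used above. `load_ruleset` uses the `--test` option of iptables-restore to parse the file before committing it.

```shell
#!/bin/sh
# Added example (not the wiki's own script): write the page's outbound
# allow-list as an iptables-restore ruleset and load it atomically.

# Destination TCP ports the page allows outbound (mail, IM, IRC, torrent,
# web, FTP). Edit this list to match what the host actually needs.
TCP_PORTS="25 110 143 587 5050 6667 1863 5222 6881 80 443 20 21"

# write_ruleset FILE: write a complete filter-table ruleset to FILE.
write_ruleset() {
    out="$1"
    {
        echo '*filter'
        # Default-deny on every chain; every allow below is explicit.
        echo ':INPUT DROP [0:0]'
        echo ':FORWARD DROP [0:0]'
        echo ':OUTPUT DROP [0:0]'
        # Loopback traffic in both directions.
        echo '-A INPUT -i lo -j ACCEPT'
        echo '-A OUTPUT -o lo -j ACCEPT'
        # Only replies to connections this host opened come back in.
        echo '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
        echo '-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
        # ICMP and DNS lookups outbound.
        echo '-A OUTPUT -p icmp -j ACCEPT'
        echo '-A OUTPUT -p udp --dport 53 -j ACCEPT'
        # One rule per allowed destination port.
        for p in $TCP_PORTS; do
            echo "-A OUTPUT -p tcp --dport $p -j ACCEPT"
        done
        echo 'COMMIT'
    } > "$out"
}

# count_rules FILE: number of '-A' rule lines in a ruleset file
# (a quick sanity check before loading it).
count_rules() {
    grep -c '^-A ' "$1"
}

# load_ruleset FILE: parse-check, then commit the ruleset. Needs root.
load_ruleset() {
    iptables-restore --test "$1" || return 1
    iptables-restore "$1"
}

# Usage (as root): write_ruleset /etc/iptables.rules && load_ruleset /etc/iptables.rules
```

Point the boot hook your distribution uses at `load_ruleset` (or directly at `iptables-restore < FILE`) instead of re-running the individual iptables commands; because the file is committed as one unit, a syntax error is rejected as a whole rather than leaving the host half-configured. `iptables-save` prints the running rules in this same format, so diffing its output against the file is a cheap way to confirm the loaded policy is the one you intended.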

Related Mepis Wiki Links

  • Firewall -- Guide to configuring a redundant firewall architecture.
  • Guarddog -- Guarddog graphical iptables editing application.
  • Firestarter -- Firestarter graphical iptables editing application.
  • ufw -- Uncomplicated Firewall (ufw) command line-based iptables editing application.
  • Gufw -- Gufw graphical user interface to the command line interface, ufw, for editing iptables.
  • Enabling Firewall for P2P Applications -- Firewall configuration for P2P applications such as Gnutella, Frostwire, Limewire, etc.
  • Webmin -- Web based system administration tool that contains a module to configure the firewall and routing capabilities of the kernel. Very flexible and powerful but somewhat complex.
