A Quick Guide To Iptables


  • Another little tip as regards the defaults ports and always changing them (linux pc server)


    I use iptables to block default ports


    iptables -A INPUT -p tcp --dport 21 -j DROP
    iptables -A INPUT -p tcp --dport 22 -j DROP
    iptables -A INPUT -p tcp --dport 23 -j DROP
    iptables -A INPUT -p tcp --dport 25 -j DROP
    iptables -A INPUT -p tcp --dport 4567 -j DROP
    iptables -A INPUT -p tcp --dport 12000 -j DROP
    iptables -A INPUT -p tcp --dport 16000 -j DROP
    iptables -A INPUT -p tcp --dport 16001 -j DROP


    iptables-save


    Let's say you checked your /var/log/auth.log


    Now here is the login file for your server (ssh); let's say someone decided to try and access it, or more than one person.


    failed login from, let's say, 81.40.50.60 and 90.87.35.21


    iptables -A INPUT -s 81.40.50.60 -j DROP
    iptables -A INPUT -s 90.87.35.21 -j DROP


    Again each time you add any rule to iptables you finish with


    iptables-save


    Also advisable to change the default login port in SSH which is 22.



    Now there are a few ways to get the iptables rules to load on startup (reboot and they are gone); I find a very simple method is to simply


    iptables-save >/var/etc/iptables.conf


    You can save them to whatever path you like, just don't save them to /tmp for obvious reasons.


    After a reboot to put iptables back


    iptables-restore </var/etc/iptables.conf


    I find this way, if you need to block any more users/ports, then after adding more users/ports simply


    iptables-save


    Then back iptables up again to your folder.


    You can simply list what ports and IP addys you have banned with


    iptables -L -n



    Yes, there is fail2ban and more than likely other scripts for banning users; hopefully those that want to learn some Linux will actually do it manually.


    Your cccam log will also show you any illegal/dodgy login attempts; simply add them. Make a mistake? Very easy to remove that user's IP.



    BTW, don't go blocking your own IP, that would be silly :)


    [UPDATE]


    You can use webmin to save and autostart your rules on boot


    Login to webmin - networking - linux firewall - Now simply click Revert Configuration - Apply - also check Yes to Activate At boot.


    Any time you add a new rule, simply log into webmin and click revert and apply.


    Webmin tut can be found here


    http://linuxsat-support.com/li…webmin-ubuntu-server.html
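    The manual "read auth.log, add a DROP per offending IP, then save" loop above, as an added shell example that is not part of the original post. It assumes syslog-format sshd "Failed password" lines, uses constructed sample log lines, and takes an allowlist so your own address is never turned into a rule:

```shell
#!/bin/sh
# Added example, not from the original post. Extracts the source IPs of failed
# SSH logins from auth.log-style text and emits the iptables DROP rules the
# post describes, skipping an allowlist (the "don't block your own IP" check).

# Constructed sample lines (not real log data). 203.0.113.10 is "our" IP.
SAMPLE_AUTH_LOG='Mar  3 10:01:12 srv sshd[1211]: Failed password for invalid user admin from 81.40.50.60 port 51324 ssh2
Mar  3 10:01:15 srv sshd[1211]: Failed password for root from 81.40.50.60 port 51330 ssh2
Mar  3 10:02:01 srv sshd[1214]: Failed password for root from 90.87.35.21 port 40001 ssh2
Mar  3 10:03:44 srv sshd[1220]: Accepted publickey for deploy from 203.0.113.10 port 22000 ssh2
Mar  3 10:04:09 srv sshd[1225]: Failed password for root from 203.0.113.10 port 22010 ssh2'

# failed_login_ips LOGTEXT -> unique source IPs with at least one failed password
failed_login_ips() {
    printf '%s\n' "$1" \
      | grep 'sshd\[[0-9]*\]: Failed password' \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort -u
}

# drop_rules LOGTEXT "IP IP ..." -> one iptables command per offending IP,
# skipping any IP in the space-separated allowlist (second argument).
drop_rules() {
    allow=" $2 "
    for ip in $(failed_login_ips "$1"); do
        case "$allow" in
            *" $ip "*) continue ;;   # allowlisted (e.g. your own IP): no rule
        esac
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

# Real use (needs root; not executed here): review the output first, then
# pipe it to sh and persist exactly as the post does.
#   drop_rules "$(cat /var/log/auth.log)" "203.0.113.10"
#   drop_rules "$(cat /var/log/auth.log)" "203.0.113.10" | sh
#   iptables-save > /var/etc/iptables.conf
```

    Two things to check when applying the output: `iptables-save` only prints the rule set, so the redirect to a file is the step that actually persists it, and `-A` appends, so a DROP placed after an existing ACCEPT for the same traffic never matches (use `-I INPUT` to insert it ahead of a permissive rule).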

    • Official Post

    lfc4ever originally posted this here as a reply to CS Tips & Advice. I have copied it here & made it a sticky with his permission, as I think it will be very helpful to beginners & explains the process better than most tutorials I have seen. I prefer this method to using any script; good work mate.
