iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth+ -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
Then save to a file:
iptables-save >/etc/iptables.rules
Then in your /etc/network/interfaces file in the block for your interface:
pre-up iptables-restore < /etc/iptables.rules
If you are using NetworkManager, you might want to put a script in /etc/NetworkManager/dispatcher.d instead of using /etc/network/interfaces.
Another alternative is installing the iptables-persistent package, which installs a service that runs iptables-save and iptables-restore against rules in these files (for IPv4 and IPv6):
/etc/iptables/rules.v4
/etc/iptables/rules.v6
You can run iptables-save and ip6tables-save to create those files yourself, or just get the rules the way you want them and let the package write the files for you:
sudo dpkg-reconfigure iptables-persistent
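The two files iptables-persistent loads are plain text in the format iptables-save emits, so you can generate and inspect them without root or a kernel with netfilter. The script below is an added example, not the post's own commands: it writes rules.v4 (mirroring the IPv4 rules above) and rules.v6, and refuses to write either file unless it still accepts ESTABLISHED traffic and the SSH port, which is the check you want before a DROP policy goes live on a remote box. The SSH_PORT variable, the write_rules directory argument and the IPv6 ruleset are assumptions; the IPv6 file additionally accepts ICMPv6, which IPv6 needs for neighbour discovery.

```shell
#!/bin/sh
# Added example (not from the original post): generate the rules.v4 and
# rules.v6 files that iptables-persistent restores at boot, in the
# format iptables-save produces, and guard against locking yourself out.

SSH_PORT="${SSH_PORT:-22}"   # assumption: the TCP port sshd listens on

# Print an IPv4 filter-table ruleset (rules.v4), the same policy as the post:
# drop inbound by default, allow loopback, established/related and SSH.
gen_rules_v4() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth+ -p tcp -m tcp --dport ${SSH_PORT} -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Print the IPv6 counterpart (rules.v6). Assumption: same policy, plus
# ICMPv6, without which neighbour discovery (and so all IPv6) breaks.
gen_rules_v6() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i eth+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth+ -p tcp -m tcp --dport ${SSH_PORT} -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Lockout guard: with a DROP policy, a ruleset that no longer accepts
# ESTABLISHED traffic or the SSH port cuts off a remote session the
# moment it is restored. Returns 0 only if both rules are present.
check_no_lockout() {
    printf '%s\n' "$1" | grep -q -- "--ctstate RELATED,ESTABLISHED -j ACCEPT" || return 1
    printf '%s\n' "$1" | grep -q -- "--dport ${SSH_PORT} -j ACCEPT" || return 1
    return 0
}

# Write both files into a directory (default /etc/iptables, where
# iptables-persistent looks); pass another directory to stage them first.
write_rules() {
    dir="${1:-/etc/iptables}"
    v4="$(gen_rules_v4)"
    v6="$(gen_rules_v6)"
    check_no_lockout "$v4" || return 1
    check_no_lockout "$v6" || return 1
    mkdir -p "$dir"
    printf '%s\n' "$v4" > "$dir/rules.v4"
    printf '%s\n' "$v6" > "$dir/rules.v6"
}
```

Stage the files into a scratch directory first (`write_rules /tmp/fw`), then, as root, dry-run them with `iptables-restore --test /tmp/fw/rules.v4` and `ip6tables-restore --test /tmp/fw/rules.v6` so that a syntax error is caught before the files land in /etc/iptables and get restored on the next boot.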