Basic iptables configuration for Linux

What is a good basic iptables config?

Basic rules needed:

  • Allow incoming TCP to port 22 for SSH but block all other incoming traffic.
  • Allow outgoing TCP/UDP connections.

You may consider using the following rules as a start:

for tables in iptables ip6tables ; do
    # Flush existing rules
    $tables -F

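    # Default policy: drop inbound, allow outbound.
    # FORWARD only applies when this host routes packets for others;
    # set it to DROP if the host should never act as a router.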
    $tables -P INPUT DROP
    $tables -P FORWARD ACCEPT
    $tables -P OUTPUT ACCEPT

    # Allow established inbound connections
    $tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

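    # Allow ICMP. ip6tables needs the ipv6-icmp protocol: "-p icmp" there
    # does not match ICMPv6, which IPv6 relies on for neighbor discovery.
    case $tables in
        ip6tables) $tables -A INPUT -p ipv6-icmp -j ACCEPT ;;
        *)         $tables -A INPUT -p icmp -j ACCEPT ;;
    esac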

    # Allow all loopback traffic
    $tables -A INPUT -i lo -j ACCEPT

    # Allow inbound SSH connection
    $tables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
done
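
To check that a host still matches this baseline, the following added example (not part of the original post) audits `iptables -S` output: it flags a non-DROP INPUT policy, missing baseline rules, and any extra inbound ACCEPT rule. The function name, the finding labels and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit `iptables -S` output
# against the baseline above. Live use, as root: iptables -S | audit_input_rules

# Constructed sample: listing produced by the rules on this page.
SAMPLE_BASELINE='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'

# Constructed sample: policy reset to ACCEPT and an extra port opened.
SAMPLE_DRIFTED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT'

# Append one finding (plus a newline) to the findings buffer.
note() { findings="${findings}$1
"; }

# Reads a rule listing on stdin, prints one finding per line, and
# returns 0 only when the INPUT chain matches the baseline.
audit_input_rules() {
    policy_drop=0; ssh_ok=0; est_ok=0; findings=""
    while IFS= read -r rule; do
        case "$rule" in
            "-P INPUT DROP") policy_drop=1 ;;
            "-A INPUT "*"-j ACCEPT")
                case "$rule" in
                    *"-p tcp "*"--dport 22 -j ACCEPT") ssh_ok=1 ;;
                    *NEW*|*--dport*) note "UNEXPECTED: $rule" ;;
                    *ESTABLISHED*) est_ok=1 ;;
                    *"-i lo -j ACCEPT") ;;
                    *"-p icmp -j ACCEPT"|*"-p ipv6-icmp -j ACCEPT") ;;
                    *) note "UNEXPECTED: $rule" ;;
                esac ;;
        esac
    done
    [ "$policy_drop" -eq 1 ] || note "MISSING: INPUT policy is not DROP"
    [ "$est_ok" -eq 1 ] || note "MISSING: no RELATED,ESTABLISHED accept rule"
    [ "$ssh_ok" -eq 1 ] || note "MISSING: no accept rule for tcp/22"
    printf '%s' "$findings"
    [ -z "$findings" ]
}

printf '%s\n' "$SAMPLE_DRIFTED" | audit_input_rules || echo "drift detected"
```

The same function works for IPv6 with `ip6tables -S | audit_input_rules`.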
