How to do basic iptables setup?

G

Gimpim2015-12-31 01:37:19

linux

Gimpim, 2015-12-31 01:37:19

I am looking for a manual on what mandatory rules it is desirable to prescribe in LINUX, which is on the gateway + HTTP server. I want there to be no children's holes!

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

M

mureevms, 2015-12-31
@mureevms

The minimum set of Iptables rules for typical tasks

O

Oleg Tsilyurik, 2015-12-31
@Olej

Very good entry level description: Iptables

Y

Yuriy Ivanov @Yuriy, 2015-12-31
Ivanov

So that there are no child holes:
apt-get update
apt-get upgrade
and install fail2ban

J

John_Alban, 2016-01-07
@John_Alban

If you want everything at once and quickly, install the ipkungfu and fail2ban packages:
apt-get install fail2ban ipkungfu
# enable fail2ban
/etc/init.d/fail2ban restart
# configure ipkungfu
sudo nano /etc/ipkungfu/ipkungfu.conf
# change the line IPKFSTART = 0 on IPKFSTART = 1 here:
sudo nano /etc/default/ipkungfu
# turn on
sudo ipkungfu
this will give a good basic level of security, as you learn iptables, edit it optimally for your tasks

V

vitaliy_saveliev, 2015-12-31
@vitaliy_saveliev

To begin with, I advise you to deal with the very principle of operation of iptables (2 chapters can be skipped, 1 - diagonally)
https://www.opennet.ru/docs/RUS/iptables/
Then you can follow the policy:
block everything from the uncontrolled zone (except for the tcp port 80, 443), allow everything from the controlled area (local network).
+ as mentioned above, add all fail2ban