Setting up an iptables firewall on Debian Linux

Iptables provides packet filtering, network address translation (NAT) and other packet mangling.

Two of the most common uses of iptables are to provide firewall support and NAT.

Configuring iptables manually is challenging for the uninitiated. Fortunately, there are many configuration tools (wizards) available to assist, e.g. fwbuilder, bastille, ferm, and ufw (Uncomplicated Firewall, from Ubuntu).

Viewing current configuration

See what rules are already configured. Issue this command:

The output will be similar to this:

This allows anyone access to anything from anywhere.

Storing iptables rules in a file

Note: there is a package designed to help with this: iptables-persistent

Let’s tighten that up a bit by creating a test iptables file:

In this file enter some basic rules:

That may look complicated, but take one section at a time. You will see that it simply closes all ports except the ones we have explicitly allowed, which in this case are ports 80 and 443 (the standard HTTP and HTTPS ports) and the SSH port defined earlier.

Activate these new rules:

And see the difference:

Now the output tells us that only the ports defined above are open. All the others are closed.

Once you are happy, save the new rules to the master iptables file:

To make sure the iptables rules are started on a reboot we’ll create a new file:

Add these lines to it:

The file needs to be executable so change the permissions:
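The whole procedure above (build a restrictive rule file, apply it with iptables-restore, save the master copy, and restore it from a pre-up hook) as one added shell example; this is not code from the original HOWTO. The file paths, the SSH port 22 and the use of the conntrack match are assumptions.

```shell
#!/bin/sh
# Added example, not from the original HOWTO. Builds a ruleset in
# iptables-save format that drops all inbound traffic except loopback,
# replies to our own connections, ping, and the listed TCP ports.
# Assumed paths (adjust to taste):
TEST_RULES=/etc/iptables.test.rules
UP_RULES=/etc/iptables.up.rules
PRE_UP=/etc/network/if-pre-up.d/iptables
set -eu

# Print the ruleset to stdout. Usage: build_ruleset 22 80 443
# Always include the SSH port you are connected on, or a remote
# iptables-restore will lock you out.
build_ruleset() {
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    for port in "$@"; do
        printf -- '-A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$port"
    done
    # Log what the DROP policy is about to discard, so blocked traffic is visible in syslog.
    printf '%s\n' '-A INPUT -j LOG --log-prefix "iptables denied: " --log-level 7' \
        'COMMIT'
}

# Number of TCP ports a generated ruleset opens (handy for a sanity check).
count_open_ports() {
    grep -c -- '--dport' || true
}

# Write the test file, apply it, save the master copy and install the boot hook.
# Run "iptables -L" between steps to see the difference. Requires root.
install_ruleset() {
    build_ruleset "$@" > "$TEST_RULES"
    iptables-restore < "$TEST_RULES"
    iptables-save > "$UP_RULES"
    printf '#!/bin/sh\n/sbin/iptables-restore < %s\n' "$UP_RULES" > "$PRE_UP"
    chmod +x "$PRE_UP"
}

# Only touch the live firewall when invoked as: ./firewall.sh install 22 80 443
case "${1:-}" in
    install) shift; install_ruleset "$@" ;;
esac
```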

Note: This HOWTO was contributed by user Geejay to wiki.openvz.org as part of the container installation howto.