With any modern Linux distribution (one using the netfilter/iptables firewall modules), you can set up a simple and quite effective firewall in a few seconds that will protect your machine from outside interference and let you go about your business. Read on for the simple 3 or 4 line iptables firewall.

Here's what you need to type as root on your machine:

/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

/sbin/iptables -A INPUT -j LOG    # optional rule

/sbin/iptables -A INPUT -j REJECT

This assumes you have no firewall loaded. If you do, you might do a:

/sbin/service iptables stop

first.

You can then do a:

/sbin/service iptables save

to save your firewall.

The first rule tells iptables to check each incoming packet against the connections you have established going out of your machine; if the packet belongs to, or is related to, one of them, it is accepted. This allows you to make all your regular connections going out.

The second rule (optional) lets you log all the packets that didn't match the first rule. That is, they are not related to any established connection you have made. Note that on a busy network this will generate a lot of log messages.

The final rule simply says to reject everything else.
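As an added check (not part of the original article), the shell function below audits the output of `/sbin/iptables -S INPUT` after the rules above are typed: `-A` appends and rules are matched top to bottom, so rules added on top of an already loaded firewall can end up unreachable. The function names and the sample chain listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# On a live host (as root): /sbin/iptables -S INPUT | check_input_chain

# Reads `iptables -S INPUT` output on stdin, prints findings, and returns 0
# only if the chain holds the article's rules in the order it gives them.
check_input_chain() {
    awk '
    /^-A INPUT / {
        rule = $0; sub(/^-A INPUT /, "", rule); n++
        if (rule ~ /^-m (state --state|conntrack --ctstate) (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT$/) {
            kind[n] = "accept"
        } else if (rule ~ /^-j LOG( |$)/) {
            kind[n] = "log"
        } else if (rule ~ /^-j REJECT( |$)/) {
            kind[n] = "reject"
        } else {
            kind[n] = "other"
        }
    }
    END {
        if (n == 0) { print "FAIL: no rules in INPUT"; exit 1 }
        if (kind[1] != "accept") { print "FAIL: rule 1 is not the RELATED,ESTABLISHED accept"; bad = 1 }
        if (kind[n] != "reject") { print "FAIL: last rule is not the catch-all REJECT"; bad = 1 }
        for (i = 2; i < n; i++) {
            if (kind[i] == "reject") {
                print "FAIL: rule " i " rejects everything, so later rules never match"; bad = 1
            } else if (kind[i] != "log") {
                print "FAIL: rule " i " is out of place (only LOG belongs before the final REJECT)"; bad = 1
            }
        }
        if (!bad) print "OK: " n " rules in the expected order"
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: the chain right after typing the three rules once.
sample_fresh() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG
-A INPUT -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Constructed sample: the rules appended on top of an already loaded copy.
sample_appended_twice() { sample_fresh; sample_fresh | grep '^-A'; }

sample_fresh | check_input_chain
sample_appended_twice | check_input_chain || true
```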
