Differences
This shows you the differences between two versions of the page.
info:hosting:basics:firewalls [2018/01/09 12:39] Thibmo |
info:hosting:basics:firewalls [2018/01/09 13:34] Thibmo |
||
---|---|---|---|
Line 5: | Line 5: | ||
On this page we will provide samples based on Linux's IPTables, as this is what's commonly used for Linux webservers. | On this page we will provide samples based on Linux's IPTables, as this is what's commonly used for Linux webservers. | ||
+ | |||
+ | <WRAP center round important> | ||
+ | To follow this example you are required to login as user root.\\ | ||
+ | If you don't have the password of the root user you can use __//sudo//__ instead. | ||
+ | </WRAP> | ||
+ | |||
===== Creating A Persistent Rule File ===== | ===== Creating A Persistent Rule File ===== | ||
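Review bot: The added WRAP box makes logging in as root the requirement and offers sudo only as a fallback ("If you don't have the password of the root user"). I would turn that around and present sudo as the default, with a direct root login as the alternative, so readers are not nudged toward enabling or sharing a root password just to follow the page. Minor wording: "login" is used as a verb here and should be "log in".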
Line 40: | Line 46: | ||
-A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT | -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT | ||
# Accept SSH To Host | # Accept SSH To Host | ||
- | # -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT | + | -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT |
# Accept IDENT | # Accept IDENT | ||
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT | -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT | ||
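Review bot: The newly enabled rule `-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT` accepts SSH from any source address, and the "# Accept SSH To Host" comment above it does not say so. Enabling it by default is reasonable, since a reader applying this file over SSH would otherwise risk locking themselves out, but the comment should tell readers to narrow it where they can, for example by adding `-s` with their management address or range, and to adjust the port if sshd does not listen on 22.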
Line 66: | Line 72: | ||
COMMIT | COMMIT | ||
</code> | </code> | ||
+ | |||
+ | ===== Adding more rules ===== | ||
+ | There are plenty of tutorials out there.\\ | ||
+ | Here a few examples:\\ | ||
+ | [[https://www.thegeekstuff.com/2011/06/iptables-rules-examples|thegeekstuff.com]]\\ | ||
+ | [[https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands|digitalocean.com]] | ||
+ | |||
+ | For this configuration file you need to truncate both __//sudo//__ and __//iptables//__ from the start of the command.\\ | ||
+ | To apply these new rules you need to perform one of the following tasks: | ||
+ | * Reload your network stack: <code bash>iptables -F; service networking restart</code> | ||
+ | * Restore the config directly: <code bash>iptables -F; iptables-restore < /etc/iptables.up.rules</code> | ||
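Review bot: Both commands in the final bullet list start with `iptables -F;`, which flushes the running filter rules before the new ones are known to load. Because the commands are joined with `;`, a syntax error in /etc/iptables.up.rules or a failed restart leaves the host with no rules loaded (or, under a DROP policy, with the admin's own session cut off). For the second bullet the flush is also redundant: iptables-restore replaces the contents of each table in the file unless `--noflush` is given. I would drop the `iptables -F;` prefix there and suggest validating first with `iptables-restore --test < /etc/iptables.up.rules`. Wording: "truncate both sudo and iptables from the start of the command" would read more clearly as "remove the leading sudo and iptables from each command", and "Here a few examples" is missing "are".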