10 most frequently used examples for IPTABLES


When it comes to protecting your Linux server from unauthorized access and malicious activity, iptables stands out as a powerful tool in the network administrator's arsenal. iptables is a general-purpose firewall utility for Linux systems that allows users to define rules and policies for packet filtering and network address translation.
Of course, we know that iptables is now being replaced by nftables, but thousands of servers still use iptables.

And to help you harness the full potential of iptables, we've compiled a list of the 10 most commonly used examples that can improve your server's security.

 

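Allow SSH Access: Ensure secure remote access to your server by allowing SSH connections while blocking all other incoming traffic:

    # Accept TCP connections to the SSH port
    sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    # Drop everything else arriving on INPUT; rules appended after this one are never reached
    sudo iptables -A INPUT -j DROP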

Enable HTTP and HTTPS Traffic: Permit web traffic through ports 80 (HTTP) and 443 (HTTPS) for website hosting:

    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Block Specific IP Address: Prevent access from a specific IP address by dropping packets originating from it:

    # Appended with -A, so ACCEPT rules already in INPUT are still evaluated first
    sudo iptables -A INPUT -s <IP_Address> -j DROP

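Allow Outbound Connections: Allow all outgoing connections while blocking incoming traffic by default:

    # Default policies: drop inbound and forwarded packets, allow outbound
    # Replies to outbound connections arrive on INPUT, so they need an ACCEPT rule for ESTABLISHED,RELATED traffic
    sudo iptables -P INPUT DROP
    sudo iptables -P FORWARD DROP
    sudo iptables -P OUTPUT ACCEPT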

Port Forwarding: Redirect incoming traffic from one port to another, useful for services like forwarding HTTP traffic to a specific port:

    sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port <New_Port>

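Limit Connection Rate: Prevent DoS attacks by limiting the rate of incoming connections:

    # Packets over the limit do not match this rule; they continue to the next rule or the chain policy
    sudo iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT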

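Log Dropped Packets: Log dropped packets for analysis and troubleshooting:

    # LOG does not end evaluation; append this before the final DROP rule so packets are logged and then dropped
    sudo iptables -A INPUT -j LOG --log-prefix "Dropped: "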

Allow ICMP Traffic: Permit ICMP (ping) requests for network troubleshooting:

    sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

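Block SYN Flood Attacks: Mitigate SYN flood attacks by limiting the rate at which new connection requests (SYN packets) are accepted:

    # SYN packets over the rate do not match this rule; they continue to the next rule or the chain policy
    sudo iptables -A INPUT -p tcp --syn -m limit --limit 5/s -j ACCEPT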

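Clear Rules: Clear all existing rules to start with a clean slate:

    # Flush all rules (-F) and delete user-defined chains (-X) in the filter, nat and mangle tables
    sudo iptables -F
    sudo iptables -X
    sudo iptables -t nat -F
    sudo iptables -t nat -X
    sudo iptables -t mangle -F
    sudo iptables -t mangle -X
    # Reset default policies to ACCEPT; the host is unfiltered until new rules are loaded
    sudo iptables -P INPUT ACCEPT
    sudo iptables -P OUTPUT ACCEPT
    sudo iptables -P FORWARD ACCEPT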
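
Every filtering rule above is appended with -A and a chain is evaluated from top to bottom, so the order in which the examples are applied decides which of them ever match. The script below is an added example, not code from the article: it reads a list of iptables commands and reports rules appended after an unconditional DROP, ACCEPT or REJECT in the same chain. The function name shadowed_rules and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: flag appended rules that can never match.
# Reads iptables commands, one per line. Only -A and -F on the filter table are
# modelled; -I, -P, user-defined chains as targets and other tables are ignored.
shadowed_rules() {
    awk '
    {
        table = "filter"; chain = ""; target = ""; flush = 0; fchain = ""; nmatch = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-t")      { table = $(i + 1); i++ }
            else if ($i == "-A") { chain = $(i + 1); i++ }
            else if ($i == "-j") { target = $(i + 1); i++ }
            else if ($i == "-F") {
                flush = 1
                if (i < NF && $(i + 1) !~ /^-/) { fchain = $(i + 1); i++ }
            }
            else if ($i ~ /^-/)  { nmatch++ }   # any other option narrows the match
        }
        if (table != "filter") next
        if (flush) {
            if (fchain == "") split("", closed)
            else delete closed[fchain]
            next
        }
        if (chain == "") next
        if (chain in closed)
            print NR ": shadowed by line " closed[chain] ": " $0
        else if (nmatch == 0 && target ~ /^(DROP|ACCEPT|REJECT)$/)
            closed[chain] = NR   # catch-all verdict: later rules are unreachable
    }'
}

# Constructed input: the SSH, HTTP/HTTPS and logging examples in page order.
page_order='sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -j DROP
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -j LOG --log-prefix "Dropped: "'

# Constructed input: the same rules with the catch-all DROP appended last.
drop_last='sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -j LOG --log-prefix "Dropped: "
sudo iptables -A INPUT -j DROP'

printf '%s\n' "$page_order" | shadowed_rules   # reports lines 3, 4 and 5
printf '%s\n' "$drop_last"  | shadowed_rules   # reports nothing
```

Running it over a saved rules script before applying it shows whether a rule such as the LOG line sits behind a catch-all and would never fire.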

 

 


These examples provide a foundation for creating reliable firewall configurations using IPTABLES. Be sure to configure rules to suit your network's specific requirements and regularly review your firewall settings to ensure optimal security. With IPTABLES you can effectively protect your server from cyber threats.
If after reading this short manual you want to become more familiar with the full power of this tool, you can always refer to the official IPTABLES manual.

2024-03-06 07:02