Changing the Default Firewall Rules

To change the current default firewall rules, use the following syntax:

$ sudo iptables -P <category> <ACCEPT|DROP>

For example, to stop all inbound traffic:

$ sudo iptables -P INPUT DROP

If you list out your firewall rules following this, you should see that the INPUT policy has been changed to "DROP":

$ sudo iptables -P INPUT DROP
$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Note: the command options are case-sensitive.

Generally, the recommended defaults should be as follows:

  • INPUT: DROP (i.e. no-one can access your machine unless explicitly allowed)
  • FORWARD: DROP (unless the machine is a router)
  • OUTPUT: ACCEPT (i.e. you can access anything that will allow
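
Added example (not part of the original guide): a small shell check that parses the "Chain ... (policy ...)" header lines of `iptables -L` output and compares each built-in chain with the recommended defaults listed above. The function names and the sample listing are constructed for illustration.

```shell
# Added example: compare the chain policies shown by `iptables -L` with the
# recommended defaults (INPUT DROP, FORWARD DROP, OUTPUT ACCEPT).

# Print the recommended policy for a built-in chain; fail for any other chain.
recommended_policy() {
    case "$1" in
        INPUT|FORWARD) echo DROP ;;
        OUTPUT)        echo ACCEPT ;;
        *)             return 1 ;;
    esac
}

# Read `iptables -L` output on stdin and print, per built-in chain:
#   <chain> <current policy> <recommended policy> OK|MISMATCH
# Returns 0 only when all three chains were found and all match.
audit_policies() {
    seen=0; bad=0
    while read -r word chain tag policy _rest; do
        # Only "Chain INPUT (policy DROP)" style headers; user-defined chains have no policy.
        [ "$word" = "Chain" ] && [ "$tag" = "(policy" ] || continue
        want=$(recommended_policy "$chain") || continue
        actual=${policy%")"}          # "DROP)" -> "DROP"; -v output has no ")"
        seen=$((seen + 1))
        if [ "$actual" = "$want" ]; then
            echo "$chain $actual $want OK"
        else
            echo "$chain $actual $want MISMATCH"
            bad=$((bad + 1))
        fi
    done
    [ "$seen" -eq 3 ] && [ "$bad" -eq 0 ]
}

# Constructed sample: the listing shown earlier, after `iptables -P INPUT DROP`.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

sample_listing | audit_policies || echo "policies differ from the recommended defaults"
```

On a live host, pipe the real listing into the function: `sudo iptables -L -n | audit_policies`.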

