Adding Specific Firewall Rules

Once you have defined the default firewall rules, you will need to add the specific rules using the append (-A) option. The general syntax is:

$ sudo iptables -A <chain> <match criteria> -j <ACCEPT|DROP>

The match criteria are very flexible; here is a flavour of some of the options you can use (for a full list, type man iptables at the command line):

  • -i (input interface): apply this rule only to packets arriving on the named interface (for example, "lo" for the loopback interface, or a network interface such as eth0)
  • -j (action): the action to take on a matching packet, either ACCEPT or DROP
  • -m (load module): load the named match extension (for example, state) so that its options can be used in this rule
  • -o (output interface): apply this rule only to packets leaving via the named interface, such as eth0
  • -s (source): apply this rule only to packets from the given host name or IP address (or network, to cover a set of machines)
  • --state (state): apply this rule only to packets in one of the connection states given in the comma-delimited list that follows (this option is provided by the state module loaded with -m state)

Note: the above options can be combined in a single rule to specify exactly which packets the rule applies to.

Here are some examples:

$ sudo iptables -A INPUT -i lo -j ACCEPT (accept all packets arriving on the loopback interface, i.e. from the local host)

$ sudo iptables -A INPUT -s 192.168.0.0 -j ACCEPT (accept all connections from the host 192.168.0.0)

$ sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT (accept all packets belonging to connections already established by this host, or related to such a connection)

$ sudo iptables -A INPUT -p tcp -s 192.168.0.0/31 --dport 22 -m state --state NEW -j ACCEPT (accept all new connections on port 22 from the servers 192.168.0.0 or 192.168.0.1)
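As an added example (not part of the original page), here is a short script that strings the rules above together in the order they must be applied; the interface name eth0 and the management network 192.168.0.0/24 are assumed values, and by default the script only prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the original page. Builds the INPUT chain
# described above as an ordered list of iptables commands. By default each
# command is only printed (dry run); run with IPT=iptables as root to apply.
set -eu

IPT="${IPT:-echo iptables}"             # unquoted below on purpose: "echo iptables" splits into two words
MGMT_IF="${MGMT_IF:-eth0}"              # assumed interface carrying admin traffic
SSH_FROM="${SSH_FROM:-192.168.0.0/24}"  # assumed management network allowed to open SSH

# Emit the INPUT chain rules in order. Rules are evaluated top to bottom and
# the first match wins, so the loopback and ESTABLISHED,RELATED rules come
# first, and the default policy is switched to DROP only after the rule that
# keeps the current admin session alive is in place (otherwise a remote
# session applying the script would be cut off).
build_input_rules() {
    $IPT -F INPUT                                    # start from an empty chain
    $IPT -A INPUT -i lo -j ACCEPT                    # all loopback traffic
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$MGMT_IF" -p tcp -s "$SSH_FROM" --dport 22 \
         -m state --state NEW -j ACCEPT              # new SSH only from SSH_FROM
    $IPT -P INPUT DROP                               # everything else is dropped
}

# Number of rules that admit NEW SSH connections; a quick sanity check that
# exactly one, restricted, SSH rule is generated before applying the set.
count_new_ssh_rules() {
    build_input_rules | grep -cF -- '--dport 22 -m state --state NEW -j ACCEPT'
}

build_input_rules
```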

If you require more information, refer to this great online tutorial by Ned Slider.
