[ubuntu-uk] IPTABLES

Andy Smith andy at lug.org.uk
Fri Apr 18 13:15:01 BST 2008

Hi Chris,

On Fri, Apr 18, 2008 at 11:51:19AM +0100, Chris Rowson wrote:
> Just a quicky. I've been mucking around with iptables for a while, but I'm
> still a bit shaky with them. Would anyone mind checking this over for me
> please?

Looks pretty good.  I would add RELATED to the ESTABLISHED bit so
that it also works for protocols other than TCP, and I'd put that
line first so that packets exit the firewall sooner (most packets
will match an established or related flow).


#!/bin/sh
echo "Applying firewall rules"
# start from an empty rule set
iptables -F
# packets belonging to an established or related flow leave the chain here
iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# new inbound ssh connections
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
# everything else arriving over TCP on eth0 is dropped
iptables -A INPUT -p tcp -i eth0 -j DROP
echo "Rules applied"

You may then want to restrict the ssh line to SYN packets since if it's
not a SYN it shouldn't have got that far, but that's just being

> On a side note, I've added a symbolic link called S95firewall to this script
> in /etc/rc2.d/, but it doesn't seem to run this script at startup? Any ideas
> what I'm doing wrong?

Not sure, but I usually prefer to do it from

iface eth0 inet static
        pre-up  /etc/iptables.sh


http://bitfolk.com/ -- No-nonsense VPS hosting
Encrypted mail welcome - keyid 0x604DE5DB
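An added example that is not part of the post above, showing the rule set as Andy recommends it with two points made explicit. The state rule comes first and carries no "-p tcp", so RELATED also covers non-TCP traffic such as ICMP errors and conntrack-helper data connections, and the ssh rule is limited to SYN packets with "--syn". Unlike the original script, the final DROP here covers every protocol on the interface, which is exactly why the state rule must not be restricted to TCP. The interface name eth0, the check_order helper and the "apply" argument are this example's own assumptions, and the rules are only applied when the script is explicitly asked to, so the rest of it can be reviewed without root.

```shell
#!/bin/sh
# Added example, not the list post's own script. Assumed interface: eth0.

IFACE="${IFACE:-eth0}"

# Print the rules in order, one iptables command per line, without
# applying anything, so the set can be read or diffed before use.
firewall_rules() {
    cat <<EOF
iptables -F
iptables -A INPUT -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp --syn --dport 22 -j ACCEPT
iptables -A INPUT -i $IFACE -j DROP
EOF
}

# Read "iptables -S INPUT" output on stdin and check two things:
# the first rule in INPUT is the ESTABLISHED,RELATED accept (so most
# packets exit the chain at rule one) and the last rule is the DROP.
check_order() {
    rules=$(grep '^-A INPUT')
    first=$(printf '%s\n' "$rules" | head -n 1)
    last=$(printf '%s\n' "$rules" | tail -n 1)
    case "$first" in
        *ESTABLISHED,RELATED*ACCEPT*) ;;
        *) return 1 ;;
    esac
    case "$last" in
        *DROP*) return 0 ;;
        *) return 1 ;;
    esac
}

# Apply the rules (root only) and confirm the resulting chain order.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: must be run as root" >&2
        return 1
    fi
    firewall_rules | sh -e
    if ! iptables -S INPUT | check_order; then
        echo "warning: INPUT chain is not in the expected order" >&2
        return 1
    fi
    echo "Rules applied"
}

# Only apply when asked, e.g. from an interfaces stanza:
#   pre-up /etc/iptables.sh apply
if [ "${1:-}" = apply ]; then
    apply_rules
fi
```

Run it as "/etc/iptables.sh apply" from the pre-up hook to apply and verify, or without arguments and call firewall_rules to just list what would be applied. Note that the all-protocol DROP also stops new inbound ICMP (echo requests included); if you want the host to answer pings, an explicit accept for that goes above the DROP.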