Luiz L. Marins luiz.llmarins at gmail.com
Fri Dec 7 10:51:09 UTC 2012

Simple firewall to one machine:


/cd /usr/local/bin/


sudo nano
//(copy an//d paste//)/

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP


Control + O

*write name > */firewall.sh/


**to close >* Control + *x*


/chmod +x firewall.sh/


sudo nano /etc/rc.local

**before* "exit 0? *write:




Control + O


**to close >* Control + O*


/sudo reboot/


to see if it is working:/

/sudo lsmod/

Em 07-12-2012 08:59, Tom H escreveu:
> On Thu, Dec 6, 2012 at 6:26 PM, JD <jd1008 at gmail.com> wrote:
>> On redhat based linuxes, you enable the firewall by
>> either using the "services" gui or use the command
>> line chkconfig.
>> Once enabled, it always starts at boot(assuming you
>> have set up your firewall rulesfile which is
>> /etc/sysconfig/iptables).
>> As I am indeed new to ubuntu, I need way of
>> "enabling" iptables and thus having it always
>> start at boot automatically.
> To stay as close to what you know from RHEL/Fedora, install
> "iptables-persistent" (it installs an
> "/etc/init.d/iptables-persistent" init script) and set your rules in
> "/etc/iptables/rules.v4". You'll then have the familiar "service
> iptables-persistent stop|start|restart|relaod|save|flush" commands
> available; more or less familiar since there's an added "-persistent".
> To use the ifupdown infrastructure, create a "iptables-restore <
> /path/to/iptables/rules" script in "/etc/network/if-pre-up.d/" and
> they'll be loaded when an interface is brought up. Rather than flush
> the rules with a script in "/etc/network/if-post-down.d/", flush them
> at the top of the rule-setting script because, if you have two
> interfaces, bringing one down would leave the other up with no
> iptables rules.
> To use the MetworkManager infrastructure, create a script in
> "/etc/NetworkManager/dispatcher.d/". I've only done this once as a
> test in the distant past and all that I remember is that the script's
> very similar to an init script with "case ...".
> If you don't mind not using your own current set of rules as is, you
> can use ufw (or its gui frontend, gufw), an Ubuntu-developed frontend
> to iptables, apf-firewall, arno-iptables-firewall, shorewall, or
> (there are probably others) ...
> ufw has a command-line interface (the "u" stands for "uncomplicated"
> so it's more straightforward than iptables' commands); "ufw enable"
> for it to start at boot and "man ufw" to find out how to add local
> rules to the default ones. The others have config files to customize
> the default rules that they create.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20121207/3c71e584/attachment.html>

More information about the ubuntu-users mailing list