iptables
Luiz L. Marins
luiz.llmarins at gmail.com
Fri Dec 7 10:51:09 UTC 2012
Simple firewall to one machine:

1)
cd /usr/local/bin/

2)
sudo nano
(copy and paste)

#!/bin/sh
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP

3)
Control + O
write name > firewall.sh
Enter
to close > Control + x

chmod +x firewall.sh

4)
sudo nano /etc/rc.local
before "exit 0" write:

/usr/local/bin/firewall.sh

5)
Control + O
Enter
to close > Control + O

6)
sudo reboot

7)
to see if it is working:

sudo lsmod

On 07-12-2012 08:59, Tom H wrote:
> On Thu, Dec 6, 2012 at 6:26 PM, JD <jd1008 at gmail.com> wrote:
>> On redhat based linuxes, you enable the firewall by
>> either using the "services" gui or use the command
>> line chkconfig.
>> Once enabled, it always starts at boot (assuming you
>> have set up your firewall rules file which is
>> /etc/sysconfig/iptables).
>> As I am indeed new to ubuntu, I need a way of
>> "enabling" iptables and thus having it always
>> start at boot automatically.
> To stay as close to what you know from RHEL/Fedora, install
> "iptables-persistent" (it installs an
> "/etc/init.d/iptables-persistent" init script) and set your rules in
> "/etc/iptables/rules.v4". You'll then have the familiar "service
> iptables-persistent stop|start|restart|reload|save|flush" commands
> available; more or less familiar since there's an added "-persistent".
>
> To use the ifupdown infrastructure, create a "iptables-restore <
> /path/to/iptables/rules" script in "/etc/network/if-pre-up.d/" and
> they'll be loaded when an interface is brought up. Rather than flush
> the rules with a script in "/etc/network/if-post-down.d/", flush them
> at the top of the rule-setting script because, if you have two
> interfaces, bringing one down would leave the other up with no
> iptables rules.
>
> To use the NetworkManager infrastructure, create a script in
> "/etc/NetworkManager/dispatcher.d/". I've only done this once as a
> test in the distant past and all that I remember is that the script's
> very similar to an init script with "case ...".
>
> If you don't mind not using your own current set of rules as is, you
> can use ufw (or its gui frontend, gufw), an Ubuntu-developed frontend
> to iptables, apf-firewall, arno-iptables-firewall, shorewall, or
> (there are probably others) ...
>
> ufw has a command-line interface (the "u" stands for "uncomplicated"
> so it's more straightforward than iptables' commands); "ufw enable"
> for it to start at boot and "man ufw" to find out how to add local
> rules to the default ones. The others have config files to customize
> the default rules that they create.
>
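
The ifupdown approach from the quoted reply, as an added example that is not part of the original messages: it stages the post's two rules as an iptables-restore file plus a pre-up hook that loads it. The function names, the PREFIX argument, the --install switch and the reuse of /etc/iptables/rules.v4 as the rules path are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the PREFIX argument
# and the --install switch are assumptions of this example.

# write_rules FILE: the post's two rules in iptables-save format.
write_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --syn -j DROP
COMMIT
EOF
}

# write_hook HOOKFILE RULESFILE: the pre-up hook. iptables-restore without
# --noflush replaces the table named in the file, so running it for every
# interface never stacks duplicate rules and no post-down flush is needed.
write_hook() {
    printf '#!/bin/sh\niptables-restore < %s\n' "$2" > "$1"
    chmod 755 "$1"
}

# check_rules FILE: parse the file without loading it (needs root).
check_rules() {
    iptables-restore --test < "$1"
}

# stage_firewall PREFIX: write both files under PREFIX ("" = live system).
stage_firewall() {
    rules=/etc/iptables/rules.v4
    # run-parts skips names containing a dot, so the hook has no ".sh".
    hook=/etc/network/if-pre-up.d/iptables
    mkdir -p "$1/etc/iptables" "$1/etc/network/if-pre-up.d"
    write_rules "$1$rules"
    write_hook "$1$hook" "$rules"
}

# Run as root with --install to write into /etc and validate the rules.
if [ "${1:-}" = "--install" ]; then
    stage_firewall "" && check_rules /etc/iptables/rules.v4
fi
```

Staging under a scratch PREFIX first lets the two files be inspected before anything under /etc changes.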