iptables

Tom H tomh0665 at gmail.com
Fri Dec 7 13:36:04 UTC 2012


On Fri, Dec 7, 2012 at 5:51 AM, Luiz L. Marins <luiz.llmarins at gmail.com> wrote:
>
> Simple firewall to one machine:
>
> 1)
> cd /usr/local/bin
>
> 2)
> sudo nano
> (copy and paste)
> #!/bin/sh
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -p tcp --syn -j DROP
>
> 3)
> Control + O
> write name > firewall.sh
> Enter
> to close > Control + x
> chmod +x firewall.sh
>
> 4)
> sudo nano /etc/rc.local
> before "exit 0" write:
> /usr/local/bin/firewall.sh
>
> 5)
> Control + O
> Enter
> to close > Control + O
>
> 6)
> sudo reboot
>
> 7)
> to see if it is working:
> sudo lsmod

This *may* be OK for a desktop; it'll disallow access to a server that
you might be running, like a file share.

I'd also add "ACCEPT" as a policy for "INPUT" and "OUTPUT", just in case.

You'll want to check with "iptables -L" or "iptables -S" to "see if it
is working".

You don't need to reboot; you can just run "service rc.local start".
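
An added example, not part of either message: a shell check that reads "iptables -S" output and confirms the two rules from the quoted firewall.sh are loaded, in the right order, with ACCEPT policies on INPUT and OUTPUT. The function name and the sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: checks "iptables -S" text on stdin.
# Live use (assumes root): sudo iptables -S | check_ruleset

check_ruleset() {
    awk '
    $1 == "-P" { policy[$2] = $3; next }        # e.g. "-P INPUT ACCEPT"
    $1 == "-A" && $2 == "INPUT" {
        n++                                     # position within INPUT
        if (!lo && /-i lo / && /-j ACCEPT *$/) lo = n
        # iptables -S prints "--syn" in its expanded --tcp-flags form
        if (!syn && /--tcp-flags FIN,SYN,RST,ACK SYN / && /-j DROP *$/) syn = n
    }
    END {
        bad = 0
        for (i = 1; i <= 2; i++) {
            c = (i == 1) ? "INPUT" : "OUTPUT"
            p = (c in policy) ? policy[c] : "missing"
            if (p != "ACCEPT") { print c " policy is " p; bad = 1 }
        }
        if (!lo)  { print "loopback ACCEPT rule not found"; bad = 1 }
        if (!syn) { print "SYN DROP rule not found"; bad = 1 }
        # First match wins: lo must come first or local TCP is dropped
        if (lo && syn && lo > syn) { print "loopback ACCEPT is after SYN DROP"; bad = 1 }
        exit bad
    }'
}

# Constructed sample: listing expected after firewall.sh has run
sample_good() {
    cat <<'EOF'
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
EOF
}

# Constructed sample: same rules appended in the wrong order
sample_misordered() {
    cat <<'EOF'
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A INPUT -i lo -j ACCEPT
EOF
}

sample_good | check_ruleset && echo "ruleset matches firewall.sh"
```

The function exits non-zero and prints one line per finding, so it can also be called from a login or monitoring script.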



