Is there a recommended default iptables setup?

It is fantastic that you are interested in iptables.

As you can see, however, there is a bit of a learning curve.

The basics are:

All services listen on ports. One analogy would be an apartment complex: your ports are analogous to apartment numbers.

Common ports are:

FTP - 21

SSH - 22

Apache - HTTP 80; HTTPS 443

You can get a complete list of ports from a Google search or /etc/services

This might help as well

https://help.ubuntu.com/10.04/serverguide/C/index.html

From there, enter iptables. As a firewall, iptables is one way of limiting access.

Basically you have 3 broad options.

  1. Public servers, i.e. Apache. Here you will allow all traffic and blacklist bad-acting IPs (spammers).

  2. Private servers, i.e. SSH. Here you will deny all traffic and whitelist authorized connections.

  3. Limit. You may allow ping, but only at a certain rate.

If you are new to iptables, you may wish to start with ufw. ufw is a command line front end to iptables and is easier to learn. The syntax is very similar to iptables so it is easy to transition from ufw to iptables.

See:

https://help.ubuntu.com/community/UFW

https://help.ubuntu.com/community/IptablesHowTo

That information should get you started. If you have a problem, feel free to ask a more specific question.

I also have an introductory page on iptables, if you like. I have maintained it over the years with feedback from people new to iptables; hope it helps.

http://bodhizazen.com/Tutorials/iptables


The recommended way (for beginners) is to enable ufw which in turn automatically sets up basic iptables rules for you:

sudo ufw enable

Basically, this will block all unsolicited packets (for the full list of rules that are set up this way, see sudo iptables -L).

To be able to connect to the server, you will have to allow a few ports, for instance

sudo ufw allow 22/tcp

to allow SSH, etc.


I recommend that you also add protection against some scan types and unusual (possibly malicious) TCP settings:

# Null scan: no flags set at all
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# Every flag set at once
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
# Xmas scan: FIN, PSH and URG without SYN or ACK
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
# Everything except PSH set
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
# SYN together with RST, or SYN together with FIN, never occurs in a valid handshake
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
# Packets the connection tracker cannot associate with any known connection
-A INPUT -m state --state INVALID -j DROP

(Via hideandhack.com.)
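Pulling the three answers together, as an added example that is not from any of the posters: a POSIX shell function that prints a complete default-deny rule set in iptables-restore format, with the bogus-flag drops above, the rate-limited ping from option 3 of the first answer, and a whitelist of TCP ports. The function name gen_rules, the log prefix and the rate-limit values are assumptions, it uses the conntrack match in place of the older state match, and it assumes a host managed with raw iptables rather than ufw (ufw keeps its own chains).

```shell
#!/bin/sh
# gen_rules PORT...  Print a filter-table rule set in iptables-restore format:
# default-deny INPUT, drops for TCP flag combinations that never occur in a
# legitimate exchange, rate-limited ping, and the given TCP ports whitelisted.
# Assumed helper written for this page. Check and load it with:
#   gen_rules 22 80 443 > /tmp/rules.v4
#   sudo iptables-restore --test /tmp/rules.v4 && sudo iptables-restore /tmp/rules.v4
gen_rules() {
    # Validate every port before printing anything, so a typo cannot leave
    # a half-written rule set behind.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) printf 'gen_rules: bad port "%s"\n' "$port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            printf 'gen_rules: port out of range: %s\n' "$port" >&2; return 1
        fi
    done
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'      # deny by default: the "private server" model
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Null scan, all flags, Xmas scan, everything-but-PSH: drop each one.
    for combo in NONE FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG FIN,SYN,RST,ACK,URG; do
        printf '%s\n' "-A INPUT -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG $combo -j DROP"
    done
    printf '%s\n' '-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP'
    printf '%s\n' '-A INPUT -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP'
    # Allow ping, but only at a limited rate (burst of 4, then 1 per second).
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 4 -j ACCEPT'
    # Whitelisted services: only the first packet of a connection needs this;
    # later packets match the ESTABLISHED rule above.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log (rate-limited) whatever falls through; the chain policy then drops it.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "'
    printf '%s\n' 'COMMIT'
}
```

Review the generated file before loading it on a remote host: if the SSH port is missing from the whitelist, the DROP policy will lock you out.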