Iptables
From MEPIS Documentation Wiki
iptables is the command line program used to configure the Linux kernel packet filtering ruleset. It is targeted towards system administrators.
Example of firewall configuration using iptables
First, make sure that Guarddog doesn't start automatically by removing the guarddog entries from the runlevels.
#Flush previous iptables rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

#Drop all packets by default, allow only the ones specified explicitly
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

#Accept traffic to and from the local (loopback) interface
#(with OUTPUT set to DROP, loopback needs an OUTPUT rule as well)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#Allow Established and Related Connections to pass through
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#Allow ICMP
iptables -A OUTPUT -p ICMP -j ACCEPT

#Allow DNS
iptables -A OUTPUT -p UDP --dport 53 -j ACCEPT

#Allow SMTP, POP, IMAP, Gmail, Yahoo IM, Freenode, MSN, Gtalk, Ktorrent
iptables -A OUTPUT -p TCP --dport 25 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 110 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 143 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 587 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 5050 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 6667 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 1863 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 5222 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 6881 -j ACCEPT

#Allow browsing HTTP and HTTPS
iptables -A OUTPUT -p TCP --dport 80 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 443 -j ACCEPT

#Allow FTP
iptables -A OUTPUT -p TCP --dport 20 -j ACCEPT
iptables -A OUTPUT -p TCP --dport 21 -j ACCEPT

#Allow Related and Established packets to pass through
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
These rules are lost at every reboot. To make the changes permanent, create an executable script that contains these commands and have it executed at boot time.
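A check to run once the boot script has loaded the rules, given here as an added example that is not part of the original wiki page: it parses `iptables -S` output, confirms that all three chains default to DROP, and lists the outbound ports that are open. The sample ruleset is constructed and abbreviated, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed, abbreviated sample of `iptables -S` output for a ruleset like the one above.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# chain_policy RULES CHAIN: print the default policy of CHAIN (hypothetical helper).
chain_policy() {
    printf '%s\n' "$1" | awk -v c="$2" '$1 == "-P" && $2 == c { print $3 }'
}

# allowed_out RULES: print "proto/port" for every OUTPUT rule that accepts a destination port.
allowed_out() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "OUTPUT" && $NF == "ACCEPT" {
            proto = ""; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (port != "") print proto "/" port
        }' | sort -t/ -k1,1 -k2,2n
}

# audit RULES: return 0 only if every chain defaults to DROP and no rule accepts unconditionally.
audit() {
    rc=0
    for c in INPUT FORWARD OUTPUT; do
        p=$(chain_policy "$1" "$c")
        if [ "$p" != "DROP" ]; then
            echo "FAIL: $c policy is ${p:-unset}, expected DROP"; rc=1
        fi
    done
    # A bare "-A CHAIN -j ACCEPT" would defeat the default-drop policy.
    if printf '%s\n' "$1" | grep -Eq '^-A (INPUT|OUTPUT|FORWARD) -j ACCEPT$'; then
        echo "FAIL: unconditional ACCEPT rule present"; rc=1
    fi
    return $rc
}

# On a live host (as root) pass "$(iptables -S)" instead of the sample.
audit "$SAMPLE_RULES" && allowed_out "$SAMPLE_RULES"
```

If the boot script did not run, the kernel's default ACCEPT policies are in effect and `audit` reports a failure for each chain.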

