Updated on: 5.Dec.2020
To speed up firewall setup, it is best to rely on ufw (Uncomplicated Firewall), a program that handles the low-level iptables configuration for you.
With UFW
- To install,
sudo apt install ufw
- To check daemon status
- To view the rules
- Update the firewall policies,
- Finally, to enable ufw
sudo ufw enable
- A convenient way to open ports is to allow an application profile. To list the available profiles:
sudo ufw app list
Then allow the ones you need:
sudo ufw allow 'Nginx Full'
sudo ufw allow 'OpenSSH'
With iptables
If you want to handle the low-level configuration yourself, you will have to use iptables.
To view the rules in the firewall (‘-L’ lists all rules and ‘-n’ prints addresses and ports numerically, skipping DNS lookups):
sudo iptables -L -n
To block an IP address from accessing the server, add a rule to the firewall:
sudo iptables -A INPUT -j DROP -s 192.168.1.200
To remove the rule:
sudo iptables -D INPUT -j DROP -s 192.168.1.200
NOTE: don’t forget to call “sudo /etc/init.d/iptables-persistent save” (see below) to save the changes.
Reference
http://www.cyberciti.biz/faq/how-do-i-block-an-ip-on-my-linux-server/
https://help.ubuntu.com/community/IptablesHowTo
To save the firewall rules so that they are not lost after a server restart, run the following commands. If you are using the fail2ban program, try not to install this.
Use the add-on iptables-persistent:
sudo apt-get install iptables-persistent
To save the rules:
sudo /etc/init.d/iptables-persistent save
To reload the rules:
sudo /etc/init.d/iptables-persistent reload
The rules are stored in:
/etc/iptables/rules.v4
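To check that a rule added with iptables -A was not left unsaved, the live rules can be compared against the saved file. The script below is an added example, not part of the original post; it assumes both inputs are in iptables-save format, and the function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: list live iptables rules that are missing from the saved file.
# Both inputs are in iptables-save format, which rules.v4 also uses.

# Print "table rule" for each -A line so equal rules in different tables differ.
rules_only() {
    awk '/^\*/  { table = substr($0, 2) }
         /^-A / { print table " " $0 }' "$1" | LC_ALL=C sort -u
}

# unsaved_rules RUNNING SAVED: prints rules found only in RUNNING.
# Returns 0 if everything is saved, 1 if something is missing, 2 on bad input.
unsaved_rules() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    tmp=$(mktemp -d) || return 2
    rules_only "$1" > "$tmp/running"
    rules_only "$2" > "$tmp/saved"
    missing=$(LC_ALL=C comm -23 "$tmp/running" "$tmp/saved")
    rm -rf "$tmp"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: the DROP rule was added at runtime after the last save.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/saved" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$d/running" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.200/32 -j DROP
COMMIT
EOF
    rc=0
    unsaved_rules "$d/running" "$d/saved" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Real use, as root:
#   iptables-save > /tmp/live.rules && unsaved_rules /tmp/live.rules /etc/iptables/rules.v4
```

Note that iptables-save prints the blocked address with its /32 mask, so the rule appears in that normalized form in the report.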
Reference:
http://askubuntu.com/questions/119393/how-to-save-rules-of-the-iptables