There is a lot of things you can do to protect yourself on the internet. One of them is using a firewall. In this post, we are going to configure a firewall for a Debian based Linux distros using iptables.
First, an advice. If you are working remotely (ssh) on a system, be sure to not lock yourself out of the system while playing with this. :) See below for instructions.
Ok now let’s start the configuration. To make sure we are working with a fresh set of rules, we are going to flush the current ones.
This next step is only required if you are using a remote connection (ssh).
You need to add a rule to accept yourself. Otherwise, you are going to be locked outside the machine.
-s <ip> is optional. Use it only if you want to control connections by IP:
Next, we are going to add a protection against common attacks:
Great! We have protection! The next step is optional. We are going to setup the http and https port for a web server. It is usually a good idea to keep these ports closed if you do not intend to use them.
If you do not use IPV6, I recommend closing the connections.
Next, we close all the incoming connections and accept only the established ones (the ones we ask):
By default our new settings are going to be erased every time we restart the system. To make them permanent, we need to install a new tool called iptables-persistent:
It can be a repetitive task to do all these commands every time we start a new machine. This is why I have created this bash program to help us:
Once you have learned the commands, you can clone the repos and execute all of them with