Configuring iptables rules for a client machine - ArchLinux

# cat /proc/version
Linux version 3.7.9-2-ARCH (tobias@T-POWA-LX) (gcc version 4.7.2 (GCC) ) #1 SMP PREEMPT Mon Feb 25 12:04:25 CET 2013

# allow ICMP (ping included) and ESTABLISHED,RELATED traffic
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ref: cat /etc/iptables/simple_firewall.rules

# allow all traffic from loopback interface
iptables -A INPUT -i lo -j ACCEPT

# only allow ssh port
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# reject everything not accepted above
iptables -A INPUT -j REJECT

# review rules
iptables -nvL

# check where to save
cat /etc/conf.d/iptables

# save rules
iptables-save > /etc/iptables/iptables.rules

# enable & reload rules
systemctl is-enabled iptables.service
systemctl enable iptables.service
systemctl start iptables.service
systemctl reload iptables.service
systemctl status iptables.service
# ref: https://wiki.archlinux.org/index.php/Iptables
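
Every rule above is appended with -A and the chain ends in a catch-all REJECT, so any rule appended later is never evaluated. The following is an added example, not part of the original post: a check over iptables-save output that flags rules placed after the catch-all and any inbound port other than the allowed one. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). The dumps below are constructed
# samples in iptables-save format; on a real host: iptables-save | audit_input 22

# Reads an iptables-save dump on stdin. $1 = the only TCP port allowed inbound.
# Prints findings and returns non-zero if the INPUT chain deviates from the policy.
audit_input() {
    awk -v allowed="${1:-22}" '
    BEGIN { bad = 0 }
    /^:INPUT DROP/ { closed = 1 }                 # default-deny chain policy
    /^-A INPUT / {
        n++
        # Anything appended after the catch-all rule is never evaluated.
        if (closed_at) { printf "UNREACHABLE rule %d: %s\n", n, $0; bad = 1 }
        if ($0 ~ /^-A INPUT -j (REJECT|DROP)( |$)/) closed_at = n
        if ($0 ~ /-j ACCEPT/ && match($0, /--dports? [0-9:,]+/)) {
            port = substr($0, RSTART, RLENGTH)
            sub(/^--dports? /, "", port)
            if (port != allowed) { printf "UNEXPECTED port %s: %s\n", port, $0; bad = 1 }
        }
    }
    END {
        if (!closed_at && !closed) { print "NO catch-all REJECT/DROP on INPUT"; bad = 1 }
        exit bad
    }'
}

# Constructed sample: what iptables-save emits for the rules in this post.
good_dump() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Constructed sample: the same dump with a rule appended after the REJECT.
bad_dump() {
    good_dump | awk '/^COMMIT$/ { print "-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT" } { print }'
}

good_dump | audit_input 22 && echo "good_dump: matches policy"
bad_dump | audit_input 22 || echo "bad_dump: deviates from policy"
```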



REF:
1. IptablesHowTo
https://help.ubuntu.com/community/IptablesHowTo
