IPTables
Internet Connection Sharing using UFW
sudo apt-get install ufw
sudo ufw enable
sudo ufw allow from 192.168.1.0/29
sudo nano /etc/default/ufw
Set the forward policy:
DEFAULT_FORWARD_POLICY="ACCEPT"
sudo nano /etc/ufw/sysctl.conf
Enable forwarding:
net/ipv4/ip_forward=1
net/ipv6/conf/default/forwarding=1
sudo nano /etc/ufw/before.rules
Add the following rules for the nat table:
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth0 through ppp0
-A POSTROUTING -s 192.168.1.0/29 -o ppp0 -j MASQUERADE
# Commit preceding nat table rules
COMMIT
sudo service ufw restart
UFW/GUFW
Installation
sudo apt-get install gufw
gufw
To check your current settings:
sudo ufw status verbose
To add firewall rules:
sudo ufw deny 5353/udp
sudo ufw deny 5900/tcp
sudo ufw deny 22
sudo ufw deny 25/tcp
sudo ufw deny 135,139,445/tcp
sudo ufw deny 137,138/udp
sudo ufw deny 110
sudo ufw deny 2049
sudo ufw deny 143
sudo ufw deny 21/tcp
Re-check your changes:
sudo ufw status verbose
Finally, make sure UFW is enabled (required, or the rules have no effect):
sudo ufw enable
Receive the UDP multicast traffic
sudo ufw allow in proto udp to 224.0.0.0/4
sudo ufw allow in proto udp from 224.0.0.0/4
This will take care of the coming and going UDP packets, but you also need to allow IGMP packets through:
sudo nano /etc/ufw/before.rules
and add the following lines somewhere before the COMMIT line:
# allow IGMP
-A ufw-before-input -p igmp -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-output -p igmp -d 224.0.0.0/4 -j ACCEPT
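Both edits to /etc/ufw/before.rules on this page (the nat block for connection sharing and the IGMP rules for multicast) are easy to apply twice by hand, and a duplicated *nat table makes ufw refuse to start. The shell functions below are an added example, not part of the original page: each one takes the file path as its first argument so it can be tried on a copy before touching /etc/default/ufw, /etc/ufw/sysctl.conf or /etc/ufw/before.rules, and each is idempotent. The subnet and interface values are the page's; the function names and the sample files in the comments are the example's own assumptions.

```shell
# Added example: idempotent helpers for the UFW file edits described above.
# Run as root against the real paths only after trying them on copies.
set -u

# Set KEY=VALUE in a KEY=VALUE style file (/etc/default/ufw, /etc/ufw/sysctl.conf):
# replace an existing assignment, or append one if the key is absent.
set_kv() {
    local file="$1" key="$2" value="$3" tmp
    if grep -q "^${key}=" "$file"; then
        tmp=$(mktemp)
        sed "s|^${key}=.*|${key}=${value}|" "$file" > "$tmp" && cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# Exit 0 if the MASQUERADE rule for SUBNET via IFACE is already in the file.
nat_block_present() {
    local file="$1" subnet="$2" iface="$3"
    grep -qF -- "-A POSTROUTING -s ${subnet} -o ${iface} -j MASQUERADE" "$file"
}

# Append the page's *nat table block, but only once.
add_nat_block() {
    local file="$1" subnet="$2" iface="$3"
    nat_block_present "$file" "$subnet" "$iface" && return 0
    cat >> "$file" <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from ${subnet} through ${iface}
-A POSTROUTING -s ${subnet} -o ${iface} -j MASQUERADE
COMMIT
EOF
}

# Insert the IGMP accept rules before the *filter table's COMMIT. The file may
# also hold a *nat table with its own COMMIT, so only the first COMMIT is used.
add_igmp_rules() {
    local file="$1" tmp
    grep -q -- "-p igmp -d 224.0.0.0/4 -j ACCEPT" "$file" && return 0
    tmp=$(mktemp)
    awk '
        !done && /^COMMIT/ {
            print "# allow IGMP"
            print "-A ufw-before-input -p igmp -d 224.0.0.0/4 -j ACCEPT"
            print "-A ufw-before-output -p igmp -d 224.0.0.0/4 -j ACCEPT"
            done = 1
        }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Sanity check before restarting ufw: every table opened must end in COMMIT.
count_commits() { grep -c '^COMMIT' "$1"; }
```

A typical use is `add_igmp_rules /etc/ufw/before.rules` followed by `add_nat_block /etc/ufw/before.rules 192.168.1.0/29 ppp0` and then `count_commits /etc/ufw/before.rules` (which should print 2 once both the filter and nat tables are present) before `sudo service ufw restart`. Writing through a temporary file and `cat` rather than `mv` keeps the original file's ownership and mode.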
One-Liners
| Task | Command |
|---|---|
| List rules | iptables -L |
| Allow SSH | iptables -A INPUT -p tcp --dport ssh -j ACCEPT |
| Allow incoming web traffic | iptables -A INPUT -p tcp --dport 80 -j ACCEPT |
| Block all other incoming traffic | iptables -A INPUT -j DROP |
| Allow loopback | iptables -I INPUT 1 -i lo -j ACCEPT |
| Logging | iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 |
| Saving and restoring rules | iptables-save / iptables-restore |
| Flush all rules | iptables -F |
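The one-liners above only behave as intended in a particular order: loopback must be accepted before anything is dropped, the LOG rule must sit just before the final DROP, and `-I INPUT 5` only lands in the right place if exactly four rules precede it. As an added example that is not from the original page, the script below assembles the same rules into one iptables-restore file, where the order is explicit and the chain policy takes the place of a trailing `-j DROP`. The conntrack rule and the use of port 22 rather than the `ssh` service name are this example's own choices; nothing is applied until the output is piped into `iptables-restore` as root.

```shell
# Added example: build the table's rules as a single iptables-restore file so
# that rule order is explicit, then check that order before loading it.

# Print the complete ruleset for the filter table.
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback first, as the table's -I INPUT 1 intends
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened (assumption: conntrack is available)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# allow SSH and web, as in the table
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
# log what is about to be dropped, rate-limited so the log cannot be flooded
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# the INPUT chain policy (DROP) handles everything else
COMMIT
EOF
}

# The INPUT rules in order, one per line, without comments or policy lines.
input_rules() { build_ruleset | grep '^-A INPUT '; }

# 1-based position of the first INPUT rule containing PATTERN, or 0 if absent.
rule_position() {
    input_rules | grep -n -F -- "$1" | head -n 1 | cut -d: -f1 | grep . || echo 0
}

# Checks to run before loading: loopback accept is rule 1 and LOG is last,
# so nothing is logged as denied before the allow rules have had their turn.
check_order() {
    local total
    total=$(input_rules | wc -l | tr -d ' ')
    [ "$(rule_position '-i lo ')" -eq 1 ] || return 1
    [ "$(rule_position '-j LOG')" -eq "$total" ] || return 1
    return 0
}

# Usage on a real host (as root), after check_order has passed:
#   build_ruleset | iptables-restore
#   iptables-save > /etc/iptables/rules.v4   # or your distribution's location
```

Because the policy line `:INPUT DROP [0:0]` already drops unmatched packets, the table's `iptables -A INPUT -j DROP` is not repeated as a rule; with a policy of DROP, `iptables -F` (the table's last entry) removes every allow rule but leaves the drop policy in place, so flushing a remote host over SSH locks you out unless the policy is reset to ACCEPT first.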