A firewall is the first line of defense for any host on a network and will block most incoming attacks. In Linux, firewall rules are set with iptables. Setting up iptables for the first time can seem complex, and most people I know who are new to Linux skip setting up a basic firewall for that reason. That is a pity, because setting up some basic firewall rules is easy and should only take you about 15 minutes.
Below I will describe the setup of a basic firewall on Debian Linux. We will also configure the firewall rules so that they are loaded when the computer boots.
First we will create a file to store the firewall rules. This file will be used to load the iptables rules after the computer has booted. We will call the file ‘iptables.conf’.
touch /etc/iptables.conf
Next we will check whether any iptables rules are already active. To do this, enter the following command.
iptables -L
You should get an output like the one below.
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
As you can see, we are accepting everything from everyone at the moment. If your output differs from the one above, clear your iptables configuration first with the following commands.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
Then check the rules again with ‘iptables -L’ to confirm that no rules are defined.
Now we will edit the file ‘/etc/iptables.conf’ we created earlier and add some iptables rules to it, so we get a basic firewall working. First we open the file.
nano /etc/iptables.conf
Now copy and paste the following rules into ‘/etc/iptables.conf’.
*filter
# This will allow all loopback (lo) traffic and reject all traffic to 127/8
# that does not arrive on lo (negation goes before the option: "! -i lo")
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# This accepts all already established connections (on current iptables,
# "-m conntrack --ctstate" is the equivalent of "-m state --state")
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# This allows all outbound traffic
-A OUTPUT -j ACCEPT
# This will allow HTTP and HTTPS connections from anywhere, these are the normal
# ports used for a web server
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allow new SSH connections
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allow ICMP ping (echo request is ICMP type 8)
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Reject all other inbound traffic, and anything that would be forwarded
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
Now we will apply the rules with the following command. When you are done, you can check the changes again with ‘iptables -L’.
iptables-restore < /etc/iptables.conf
Now we need to ensure that the iptables rules are set again when we reboot the PC. At the moment the changes would be lost on reboot and the system would go back to allowing everything from everyone. Open the file ‘/etc/network/interfaces’.
nano /etc/network/interfaces
Now add the line ‘pre-up iptables-restore < /etc/iptables.conf’ just after ‘iface lo inet loopback’, as shown below. Note that the rest of the file is omitted.
auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.conf
# The primary network interface
The only thing left to do is to test the firewall rules. We will do this by rebooting the system.
shutdown -r now
After the system has rebooted and you are logged back in, issue the ‘iptables -L’ command to check that your rules were loaded at startup.
There, you did it! You have just set up a very basic firewall that blocks all incoming traffic except SSH (port 22), HTTP (port 80), HTTPS (port 443) and ICMP ping. It was not hard, was it? And it only took a few minutes!
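If you want to see for yourself what this ruleset does with a given packet before you trust it, here is a small added example (not part of the original post) that walks the INPUT chain of the file above the way netfilter does, first matching rule wins. It only understands the matches the post's file uses, and the packet dictionary keys (iface, dst, proto, state, dport, icmp_type) are names chosen for this example.

```python
import ipaddress
import shlex

# The post's /etc/iptables.conf, embedded so this runs without iptables or root.
RULESET = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
"""

def parse_rules(text, chain="INPUT"):
    """Yield (matches, target) per rule in `chain`; matches = {option: (negated, value)}."""
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain]:          # skips other chains, *filter and COMMIT
            continue
        opts, i = {}, 2
        while i < len(tok):
            neg = tok[i] == "!"              # extrapositioned negation: "! -i lo"
            opts[tok[i + neg]] = (neg, tok[i + neg + 1])
            i += 2 + neg
        opts.pop("-m", None)                 # "-m state" / "-m icmp" only load extensions
        yield opts, opts.pop("-j")[1]        # pop the jump target out of the match dict

def rule_matches(matches, pkt):
    # Each option must match, or must fail to match when it was negated with "!".
    checks = {
        "-i": lambda v: pkt["iface"] == v,
        "-d": lambda v: ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(v),
        "-p": lambda v: pkt["proto"] == v,
        "--dport": lambda v: pkt.get("dport") == int(v),
        "--state": lambda v: pkt["state"] in v.split(","),
        "--icmp-type": lambda v: pkt.get("icmp_type") == int(v),
    }
    return all(checks[opt](val) != neg for opt, (neg, val) in matches.items())

def verdict(pkt, text=RULESET, chain="INPUT", policy="ACCEPT"):
    """First match wins; the file sets no chain policy, so it stays at ACCEPT."""
    for matches, target in parse_rules(text, chain):
        if rule_matches(matches, pkt):
            return target
    return policy
```

Try it with a new TCP connection to port 22 and one to port 8080 arriving on eth0: the first is accepted by the SSH rule, the second falls through to the final REJECT, and a packet addressed to 127.0.0.1 that arrives on eth0 instead of lo is rejected by the second rule.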
You might have noticed that I do not block any outbound traffic. Why I decided to do this is explained in a blog post here.