Asked Sat, May 28, 2022 (1 answer, 2117 hits)

Can Ubuntu be configured as a firewall server , if yes how ? , if no why ?



Answer (score: 6)
The built-in Ubuntu firewall is called iptables. By default iptables allows all traffic, so you need to configure it based on your needs :)



Here are some basic iptables commands.



Typing

sudo iptables -L

lists your current rules in iptables. If you have just set up your server, you will have no rules, and you should see



Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Please see the whole how-to on help.ubuntu.com.

A simple iptables script:



#!/bin/bash
# flush all chains
iptables -F
# set the default policy for each of the pre-defined chains
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# allow establishment of connections initialised by my outgoing packets
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# drop everything else
iptables -A INPUT -i eth+ -p udp -j DROP
iptables -A INPUT -i eth+ -p tcp -m tcp --syn -j DROP
# accept anything on localhost
iptables -A INPUT -i lo -j ACCEPT


I have network interfaces on eth0 and eth1, so this script has rules which cover both; if your interfaces have different names, you will need to edit the rules to cover that. This drops everything incoming, except for connections which were initially established by my outgoing packets (thanks Luke! - see comments); which means it's no good for servers.



I put this script in /opt/scripts/iptables.script and made it executable. Once you run it, you can find out whether it has worked by displaying your current iptables rules with:

sudo iptables -L -v


I then created a simple init script to start/stop the firewall in /etc/init.d/firewall:



#!/bin/bash
if [[ $1 == start ]] ; then
    sudo /opt/scripts/iptables.script
else
    sudo iptables -F
fi


Then I symlinked this into my /etc/rc.* directories using the update-rc.d tool, so the firewall starts before the network comes up:



update-rc.d firewall start 20 2 3 4 5 . stop 99 0 1 6 .


Source



Hope this helps :)


[#40552] Monday, May 30, 2022, 2 Years  [reply] [flag answer]
imberst
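The answer notes that its script is "no good for servers" because it drops every new inbound connection. The script below is an added example, not part of the answer above, showing a server-oriented ruleset built the same way (flush, allow loopback and established traffic, then explicit allows, then a DROP policy). The management network 192.0.2.0/24, the SSH and HTTP/HTTPS ports and the `firewall_rules`/`apply_firewall` function names are assumptions made for this example; `IPT=echo` prints the rules instead of applying them.

```shell
#!/bin/bash
# Added example (not from the original answer): minimal server ruleset.
# Assumed for this example: SSH only from the management network below,
# HTTP/HTTPS open to everyone. Set IPT=echo to see the rules without
# touching the kernel; run with "apply" as the first argument to load them.
IPT="${IPT:-iptables}"
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"

# firewall_rules prints one iptables argument list per line, in the order
# they must be applied. The DROP policy comes last so that the loopback and
# ESTABLISHED rules already exist when it takes effect (an existing SSH
# session survives the reload).
firewall_rules() {
    cat <<EOF
-F
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-A INPUT -p tcp --dport 22 -s $MGMT_NET -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 1/min -j LOG --log-prefix iptables-drop:
-P INPUT DROP
EOF
}

# apply_firewall feeds each line to $IPT and stops at the first failure,
# so a typo in one rule never leaves the policy half-applied.
apply_firewall() {
    firewall_rules | while IFS= read -r rule; do
        # word-splitting of $rule into separate arguments is intended
        $IPT $rule || return 1
    done
}

case "${1:-}" in
    apply) apply_firewall ;;
    *)     firewall_rules ;;   # default: only print the rule list
esac
```

Check the result afterwards with `sudo iptables -L -v -n`, as the answer suggests; the LOG rule sends every packet that is about to hit the DROP policy to the kernel log, rate-limited so a scan cannot flood it.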