You can define a default behaviour for each chain - either to ACCEPT all traffic, or DENY all traffic. Debian/Ubuntu servers tend to come with all chains open to all traffic - set to ACCEPT. RedHat/CentOS servers tend to DENY all traffic in each chain by default.

You can manage firewall rules in each chain by using the commands to append, insert or remove rules. Since the rules in a chain are followed in order, it's important that the rules are set up in the proper order. The first rule that matches the type of traffic will be used.

This will allow incoming SSH (port 22) traffic:

$ sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT

-A INPUT - Append a rule to the "input" chain.
-p tcp - Apply the rule to the tcp protocol.
--dport ssh - Apply the rule to the port used by SSH (22).
-j ACCEPT - Accept traffic to the input chain when using tcp on the ssh port.

Next, we can allow regular web traffic (port 80). The only thing different we'll do here is set port 80 manually (although we could use "http" instead of defining "80").

$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Finally, let's append a rule to drop any other traffic:

$ sudo iptables -A INPUT -j DROP
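
The rule-ordering point above, as an added example that is not part of the original page: a shell function that reads rules in the format printed by `iptables -S` and reports any rule placed after an unconditional catch-all such as `-A INPUT -j DROP`, which first-match evaluation makes unreachable. The function name `find_shadowed_rules` and both sample rule sets are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag rules that can never match because an earlier
# unconditional rule in the same chain catches all traffic first.
# Input: text in the format printed by `iptables -S` (one rule per line).

find_shadowed_rules() {
    # $1 = chain name (e.g. INPUT); rules are read from stdin.
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if (catchall) {
                printf "rule %d unreachable (after rule %d): %s\n", n, catchall, $0
                next
            }
            # Exactly four fields means "-A CHAIN -j TARGET": no match
            # criteria, so the rule applies to every packet that reaches it.
            if (NF == 4 && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT" || $4 == "ACCEPT"))
                catchall = n
        }
    '
}

# Constructed sample: the three rules from the page in the intended order.
good_rules='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP'

# Constructed sample: the same rules with the DROP appended too early.
bad_rules='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

echo "intended order:"
printf '%s\n' "$good_rules" | find_shadowed_rules INPUT
echo "DROP too early:"
printf '%s\n' "$bad_rules" | find_shadowed_rules INPUT
```

On a live host the same function can be fed with `sudo iptables -S INPUT | find_shadowed_rules INPUT`.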