Setup Simple Web Server IPtables Rules To Prevent Common Attacks

There are many things you can do to make sure your website or blog isn’t opened for hackers to come in and steal or destroy your systems. If you’re running a successful online blog, then your site is definitely a target.To prevent some of these simple attacks, you must enable a firewall on the system and properly configure it. And when it comes to firewalls, there’s always a simple most webmasters follow.

The simple rule to follow when configuring your system firewall is to allow only the services that are needed to enable the site to function and block everything else.

This brief tutorial is going to show you how to setup or configure a simple yet effective firewall rules for your systems to stop and prevent common attacks. These rules are better suited for web servers (systems running only web server applications).

These rules also apply to Linux systems using iptables firewall. iptables is a simple firewall installed on most Linux systems by default. It’s used to allow or deny network communications in or out of a system.

The way iptables or any firewall work is simple, in that there’s a list of rules. One rule per line. When a communication is opened to the system, iptables or the firewall in place checks its rules, when the traffic matches a particular rule, that is rule is applied.

 

If the rule is to allow a particular traffic, it will be allowed. And if the rule denies that traffic, it would be denied. It’s that simple.

By default, if a traffic doesn’t match any rule, it’s automatically denied by most firewalls.

So, to get started logon to your system via SSH or directly. Once logged on , run the command below to clear your current iptables configuration.

Doing this will not clear the running configuration until it’s saved. To clear the current config, run the commands below.

<code>iptables -Fcode>

Now that the configuration is cleared, let’s begin adding rules one at a time.

For web servers, it’s comparative to open port 80 or http traffic for either direction (Coming In and Going Out). To do that, run the commands below.

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

The rule above allows all traffic coming in and going out of the server. You cannot block this service or port.

If you’ll be running SSL (Secure socket layer), then run the commands below.

iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Next, enable SSH rule by running the commands below.

iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

The rule above allows all traffic coming in and going out of your server on port 22. If you need to limit the systems that can communicate over SSH to the server, you must specify the system IP addresses.

For instance, if you wish to only allow the system with IP address 192.168.1.32 to access your via SSH, run the commands below.

iptables -A INPUT -p tcp -s 192.168.1.32 -m tcp --dport 22 -j ACCEPT

Another rule to prevent common attacks is the one below. This will block most common attacks.

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Add the rule below to block sym flood attacks

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Finally, add the rules below to allow all out going traffic but block all in coming traffic that don’t match any rules.

iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP

That’s it! These rules are optimized for web server only. If you’re running other services, you may want to open those ports as well.

Now run the commands below to save the rules.

service iptables save

Then run the commands below to restart or reload iptables to accept the new rules created.

service iptables reload

Enjoy!

Leave a Reply