Setup Simple Web Server IPtables Rules To Prevent Common Attacks
This brief tutorial shows you how to set up a simple yet effective set of firewall rules to stop and prevent common attacks on your systems. These rules are best suited to web servers (systems running only web server applications).
These rules apply to Linux systems using the iptables firewall. iptables is a simple firewall installed on most Linux systems by default. It’s used to allow or deny network communications in or out of a system.
The way iptables, or any firewall, works is simple: there’s a list of rules, one rule per line. When a connection is opened to the system, the firewall checks its rules in order, and the first rule the traffic matches is applied.
If the rule allows that traffic, it is allowed; if the rule denies it, it is denied. It’s that simple.
By default, if traffic doesn’t match any rule, it’s automatically denied by most firewalls. With iptables, unmatched traffic gets the chain’s default policy, which this tutorial sets to DROP for the INPUT chain further down.
So, to get started, log on to your system via SSH or directly. Once logged on, run the command below to clear your current iptables configuration.
Doing this will not clear the running configuration until it’s saved. To clear the current config, run the commands below.
Now that the configuration is cleared, let’s begin adding rules one at a time.
For web servers, it’s imperative to open port 80 for HTTP traffic in either direction (coming in and going out). To do that, run the command below.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
The rule above accepts incoming traffic to port 80; outgoing traffic is covered by the OUTPUT policy set at the end. On a web server you cannot block this service or port.
If you’ll be running SSL (Secure Sockets Layer), that is HTTPS on port 443, run the command below.
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
Next, enable SSH by running the command below.
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
The rule above accepts incoming traffic on port 22 from any address. If you need to limit the systems that can communicate over SSH to the server, you must specify the system IP addresses.
For instance, if you wish to allow only the system with IP address 192.168.1.32 to access your server via SSH, run the command below instead of the rule above; if both are added, the first rule already accepts SSH from everywhere.
iptables -A INPUT -p tcp -s 192.168.1.32 -m tcp --dport 22 -j ACCEPT
Another rule to prevent common attacks is the one below. It drops TCP packets that have no flags set (null packets).
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
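Add the rules below to block SYN flood attacks. The first drops packets that try to open a new connection without the SYN flag; the second is inserted at the top of the chain and accepts traffic for connections that are already established or related.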
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Finally, add the rules below to allow all outgoing traffic but block all incoming traffic that doesn’t match any rule.
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
That’s it! These rules are optimized for web servers only. If you’re running other services, you may want to open those ports as well.
Now run the command below to save the rules.
service iptables save
Then run the command below to restart or reload iptables so that it picks up the new rules.
service iptables reload
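Because the first matching rule wins, the order in which the commands above are entered decides what each packet hits. The following is an added example, not part of the original tutorial and a simplified model rather than iptables itself: it evaluates the INPUT chain as typed and with the DROP filters moved ahead of the port ACCEPT rules. The names REORDERED and SAMPLES, the packet fields and the 203.0.113.9 source address are assumptions made for the illustration.

```python
# Added example: first-match model of this tutorial's INPUT chain (not iptables itself).
def rule(target, **match):
    return {"target": target, "match": match}

def is_syn(flags):  # --syn: SYN set with ACK, FIN and RST clear
    return "SYN" in flags and not flags & {"ACK", "FIN", "RST"}

def matches(r, pkt):
    m = r["match"]
    return all((
        "src" not in m or pkt["src"] == m["src"],
        "dport" not in m or pkt["dport"] == m["dport"],
        "state" not in m or pkt["state"] in m["state"],
        not m.get("no_flags") or not pkt["flags"],
        not m.get("not_syn") or not is_syn(pkt["flags"]),
    ))

def verdict(chain, pkt, policy="DROP"):
    """Return the target of the first matching rule, else the chain policy."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy

EST = rule("ACCEPT", state={"ESTABLISHED", "RELATED"})  # added with -I, so first
NULL = rule("DROP", no_flags=True)                       # --tcp-flags ALL NONE
NOSYN = rule("DROP", not_syn=True, state={"NEW"})        # ! --syn, state NEW
WEB = [rule("ACCEPT", dport=80), rule("ACCEPT", dport=443)]
SSH_ANY = rule("ACCEPT", dport=22)
SSH_ADMIN = rule("ACCEPT", dport=22, src="192.168.1.32")
# Order left by running every command on the page from top to bottom.
AS_TYPED = [EST] + WEB + [SSH_ANY, SSH_ADMIN, NULL, NOSYN]
# Assumed alternative: DROP filters ahead of the ACCEPTs, open SSH rule left out.
REORDERED = [EST, NULL, NOSYN] + WEB + [SSH_ADMIN]

# Constructed sample TCP packets; 203.0.113.9 is a documentation address.
SAMPLES = {
    "null packet to 80": dict(src="203.0.113.9", dport=80, flags=set(), state="INVALID"),
    "bare ACK to 443": dict(src="203.0.113.9", dport=443, flags={"ACK"}, state="NEW"),
    "SYN to 22, other host": dict(src="203.0.113.9", dport=22, flags={"SYN"}, state="NEW"),
    "SYN to 22, admin host": dict(src="192.168.1.32", dport=22, flags={"SYN"}, state="NEW"),
}

def compare():
    return {n: (verdict(AS_TYPED, p), verdict(REORDERED, p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (typed, reordered) in compare().items():
        print(f"{name:24} as typed: {typed:7} reordered: {reordered}")
```

As typed, the null packet and the bare ACK match the port ACCEPT rules before they reach the DROP rules, and the open port 22 rule accepts SSH from any address before the 192.168.1.32 rule is consulted. On a live system, `iptables -L INPUT -n --line-numbers` shows the order the kernel actually evaluates.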