Linux, Programming, Telephony, Asterisk, Apache, Tips & Tricks » firewall http://shahidz.com Passionate About Technology Sun, 10 Jan 2010 17:38:11 +0000 http://wordpress.org/?v=2.9.1 en hourly 1 Configuring Iptables on system startup http://shahidz.com/configuring-iptables-on-system-startup/ http://shahidz.com/configuring-iptables-on-system-startup/#comments Wed, 03 Dec 2008 08:59:41 +0000 Shahid http://shahidz.com/configuring-iptables-on-system-startup/ In Ubuntu we don’t have a mechanism to start or stop iptables or we don’t have a mechanism to restore iptables after restarting the system. Now we will see how to create a script for start and stop iptables also to make the script to start on system startup.

1. Create a Firewall script

 vim /etc/set_iptables.bash
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.10 --dport 555 -j DNAT --to 192.168.0.12:22
iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.12 --dport 22 -j ACCEPT

2. Change the file permission mod

sudo chmod o+x /etc/set_iptables.bash

3. Create a start.stop script

vim /etc/init.d/iptables
#!/bin/bash

RETVAL=0

# To start the firewall
start() {
  echo -n "Iptables rules creation: "
  /etc/set_iptables.bash
  RETVAL=0
}

# To stop the firewall
stop() {
  echo -n "Removing all iptables rules: "
  /sbin/iptables -F
  RETVAL=0
}

case $1 in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    /sbin/iptables -L
    /sbin/iptables -t nat -L
    RETVAL=0
    ;;
  *)
    echo "Usage: iptables {start|stop|restart|status}"
    RETVAL=1
esac
exit

4. Change the file permission mod

sudo chmod o+x /etc/init.d/iptables

5. The final step is to make your script running on each boot of your computer:

sudo update-rc.d iptables defaults

Now you can use these commands to start/stop/restart/status your iptables.

sudo /etc/init.d/iptables start
sudo /etc/init.d/iptables stop
sudo /etc/init.d/iptables restart
sudo /etc/init.d/iptables status
Share/Bookmark]]> http://shahidz.com/configuring-iptables-on-system-startup/feed/ 0 ufw – Uncomplicated Firewall http://shahidz.com/ufw-uncomplicated-firewall/ http://shahidz.com/ufw-uncomplicated-firewall/#comments Thu, 23 Oct 2008 16:12:17 +0000 Shahid http://shahidz.com/ufw-uncomplicated-firewall/ Description

ufw is stands for Uncomplicated Firewall, this program is for managing a Linux firewall and aims to provide an easy to use interface for the user, as well as support package integration and dynamic-detection of open ports. ufw  is not intended to provide complete firewall functionality via its command interface, but instead provides an easy way to  add  or  remove simple rules. It is currently mainly used for host-based firewalls.

Installation

$ sudo apt-get install ufw

For help use

$ man ufw

To enable firewall

$ sudo ufw enable

When we enable the firewall it will set firewall with default settings, it will deny ssh ports, telnet and many other services. So when we enable firewall on the remort servers we must enable ssh ports first, this can done using.

$ ufw allow proto tcp from any to any port 22

To disable a firewall

$ sudo sfw disable

Examples

Deny all access to port 53:

$ sudo ufw deny 53

Allow all access to tcp port 80:

$ sudo ufw allow 80/tcp

Allow all access from RFC1918 networks to this host:

$ sudo ufw allow from 10.0.0.0/8
$ sudo ufw allow from 172.16.0.0/12
$ sudo ufw allow from 192.168.0.0/16

Deny access to udp port 514 from host 1.2.3.4:

$ sudo ufw deny proto udp from 1.2.3.4 to any port 514

Allow access to udp 1.2.3.4 port 5469 from 1.2.3.5 port 5469:

$ sudo ufw allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
Share/Bookmark]]> http://shahidz.com/ufw-uncomplicated-firewall/feed/ 0