Differences

This shows you the differences between two versions of the page.

--- ubuntu:iptables_rules [2014/08/12 20:25] – created doug
+++ ubuntu:iptables_rules [2019/05/27 13:31] (current) – doug
@@ Line 3: / Line 3: @@
 Here's how I set up a firewall on a server. This is confirmed to work in Ubuntu 10.04, 12.04, and 14.04.
-First of all, ''sudo iptables''''-L -n -v'' will probably show no rules. Right?
+First of all, ''sudo ''''iptables ''''-L ''''-n ''''-v'' will probably show no rules. Right?
 Let's create some rules, starting with this template:
@@ Line 27: / Line 27: @@
 </code>
-Customize this to your heart's content. In this example I'm allowing HTTP access on port 80, restricting SSH access on port 22 so it's only accepted from a particular sample IP (12.34.56.78), and only allowing ICMP traffic from the same sample IP. I'm also adding rules so that loopback and established connections will work correctly.
+Customize this to your heart's content. In this example I'm allowing HTTP access on port 80, restricting SSH access on port 22 so it's only accepted from a particular sample IP (12.34.56.78), and only allowing ICMP traffic from the same sample IP. I'm also adding rules so that loopback and established connections will work correctly. All other traffic is blocked.
 Put your final rules into the file ''/etc/iptables.rules''.
@@ Line 39: / Line 39: @@
 ''sudo vi /etc/network/if-pre-up.d/iptables''
-Put the following into it:
+Put the following into it (replace eth0 with the name of your network interface):
-<code>
+<file>
 #!/bin/sh
-/sbin/iptables-restore </etc/iptables.rules
+if [ "${IFACE}" = eth0 ]; then
-</code>
+    /sbin/iptables-restore < /etc/iptables.rules
+fi
+</file>
 Make it executable:
@@ Line 51: / Line 53: @@
 That should do the trick! Confirm that your firewall rules come up correctly on boot.