Creating just the required IPTABLES rules from scratch

Creating the perfect set of iptables rules, allowing only the traffic that is actually required, is a challenging task.

Before making any changes to iptables, ensure that you have console access to the host so that you do not get locked out.

Steps involved in the process:

  • Start all intended services on the server host, such as http, ssh, etc.
  • Start the iptables service on the server host
  • Flush all iptables rules
  • Reset all chains to DROP all traffic
  • Enable logging to see the connections getting dropped
  • Keep trying to establish connections from a client machine to the services on the server host
  • Check the logs to identify the blocked connections
  • Write iptables rules that allow only the connections dropped as per the logs
  • Save the iptables rules

IPtables basics

Resetting all chains to DROP all traffic:

  • iptables -P OUTPUT DROP
  • iptables -P INPUT DROP
  • iptables -P FORWARD DROP

Enable logging:

  • iptables -N LOGGING
  • iptables -A INPUT -j LOGGING
  • iptables -A OUTPUT -j LOGGING
  • iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
  • iptables -A LOGGING -j DROP

  1. iptables -N LOGGING: This creates a new chain called LOGGING
  2. iptables -A <INPUT,OUTPUT> -j LOGGING: All remaining incoming (INPUT) and outgoing (OUTPUT) packets, i.e. those not accepted by an earlier rule, jump to the LOGGING chain
  3. Line 4 (iptables -A LOGGING -m limit ... -j LOG): This writes the packets reaching the LOGGING chain to the default syslog, which is /var/log/messages. The -m limit --limit 2/min match caps logging at two entries per minute (after an initial burst of 5), so while you are discovering rules some dropped packets will not show up in the log
  4. iptables -A LOGGING -j DROP: Drop all the packets that came to the LOGGING chain
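The "check the logs, then write rules for what was dropped" steps above can be scripted. The script below is an added example (not part of the original post): it parses the "IPTables-Dropped:" kernel log lines produced by the LOGGING chain and prints the ACCEPT rules that would have allowed that traffic, keyed on interface, protocol and service port so that client ephemeral ports never end up in a rule. The sample log lines are constructed, and the low-port heuristic used to tell a service reply from a connection the host initiated is an assumption of this example, not something iptables itself provides.

```shell
#!/bin/sh
# Turn "IPTables-Dropped:" kernel log lines into the ACCEPT rules that would
# have allowed the traffic. Rules are built from interface, protocol and the
# service port (never the client's ephemeral port), then de-duplicated.
LOG_PREFIX="IPTables-Dropped:"   # must match the --log-prefix in the LOGGING chain

rules_from_log() {
    awk -v prefix="$LOG_PREFIX" '
    index($0, prefix) == 0 { next }            # skip lines not written by our LOG rule
    {
        split("", f)                           # reset the KEY=VALUE map for this line
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n > 0) f[substr($i, 1, n - 1)] = substr($i, n + 1)
        }
        proto = tolower(f["PROTO"])
        if (f["IN"] != "") { chain = "INPUT";  iface = "-i " f["IN"] }
        else               { chain = "OUTPUT"; iface = "-o " f["OUT"] }
        port = ""
        if (proto == "tcp" || proto == "udp") {
            if (chain == "INPUT")          port = " --dport " f["DPT"]
            else if (f["SPT"] + 0 < 1024)  port = " --sport " f["SPT"]  # heuristic: reply from a local service
            else                           port = " --dport " f["DPT"]  # heuristic: connection the host initiated
        }
        print "iptables -A " chain " " iface " -p " proto port " -j ACCEPT"
    }' | LC_ALL=C sort -u
}

# Constructed sample log lines (not captured from a real host), shortened to the fields the parser uses.
SAMPLE_LOG='Jan 10 12:00:01 web1 kernel: IPTables-Dropped: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Jan 10 12:00:02 web1 kernel: IPTables-Dropped: IN=eth0 OUT= SRC=192.0.2.51 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=80 SYN URGP=0
Jan 10 12:00:02 web1 kernel: IPTables-Dropped: IN=eth0 OUT= SRC=192.0.2.52 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=80 SYN URGP=0
Jan 10 12:00:03 web1 kernel: IPTables-Dropped: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.50 PROTO=TCP SPT=22 DPT=51234 ACK URGP=0
Jan 10 12:00:04 web1 kernel: IPTables-Dropped: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 PROTO=UDP SPT=41000 DPT=53 LEN=40
Jan 10 12:00:05 web1 kernel: IPTables-Dropped: IN=eth0 OUT= SRC=192.0.2.54 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jan 10 12:00:06 web1 kernel: unrelated message that must be ignored'

# Review the generated rules by hand before applying any of them.
printf '%s\n' "$SAMPLE_LOG" | rules_from_log
```

On a real host feed it the syslog instead, e.g. `grep "IPTables-Dropped" /var/log/messages | rules_from_log`, and treat the output as a starting point to review rather than something to apply blindly.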
