A simple iptables config example

Here's my super simple iptables config file.

It will accept SSH, HTTP and ping (ICMP) from anyone. Other inward connections will be dropped.

Outward connections or connections from the local host are not restricted in any way.

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT

In order to have the config automatically load during boot, I recommend the package iptables-persistent. On Ubuntu or Debian you should be able to install iptables-persistent with the command

sudo apt-get install iptables-persistent

Now you can save your configuration to the persistent iptable rule file

/etc/iptables/rules.v4

and load it with the command
sudo iptables-restore < /etc/iptables/rules.v4
Note that if you are using fail2ban, you should stop the fail2ban service before editing or saving persistent firewall rules. Stopping fail2ban will clear the fail2ban entries from your iptables rules. You can do this by typing

sudo service fail2ban stop

and when you are done editing the rules, restart fail2ban with

sudo service fail2ban start

Comments

Post a Comment

Popular posts from this blog

How to fix the weird audio bug in Kingdom Come: Deliverance

Image
  Kingdom Come: Deliverance has a bug which makes the sound come out muffled or like the characters were talking far away or through a tunnel. This seems to be because the game thinks you are using multichannel surround sound. There seems to be no option to change the audio mode in-game. Instead, you should change your audio settings in Windows by following these directions: Press the windows key Type "Choose your output device" and select the search result. Select "Device properties" under the Output caption. Select "Additional device properties" This dialog will differ depending on your audio hardware. Go to the Advanced tab. There should be a selection for the default audio format. You should select something like this: 2 channel 44100 Hz audio. I had my Focusrite audio interface set up with 8 channels 24bit 44100 Hz, and that caused Kingdom Come to think I have surround sound. After changing the channel amount to 2 the audio started working correctly.
Read more

How to install and play Curse of Monkey Island on Android

Image
There are some great adventure games on Android already. I can warmly recommend Thimbleweed Park or The Silent Age for example. But what if you wanted to play an old classic that cannot be found on Google Play? ScummVM is an app that can emulate these games, if you have the data files. And Curse of Monkey Island is one of these classics. Installation Purchase Curse of Monkey Island from gog.com or Steam (costs about 5€) Download and install it with the GOG Galaxy launcher ... Or Steam Locate the Curse of Monkey Island install directory on your PC Copy the directory to your Android phone, either with a USB cable or on the SD card with an adapter Install the ScummVM app on your phone Start ScummVM and press "Add game" Find the game folder on your phone, select it and click OK.  If you have trouble finding the folder, I made a separate guide for that. Now you can start enjoying Curse of Monkey Island! These instructions should also work on an iPhone. Controls The game is or...
Read more

How to get rid of coil whine just by tweaking BIOS

Finally. No more ringing in my ears! I had a really bad case of coil whine with my computer. In the end I fixed it just by tweaking the BIOS! The coil whine was at it's worst when the PC was idling or under a light load.  Coil whine is a high-pitched sound that is produced by coils resonating at a high frequency. It is really hard to sense where exactly it's coming from. This is because humans cannot sense direction for high-pitched sounds. At first I thought it was my graphics adapter. So I bought a new used one. But the ringing was still there after the upgrade. Next up, I suspected my PSU was the culprit. So I changed the power supply to a newer 80 Plus Platinum model. I hate changing the PSU. And it didn't help. So it looked like my motherboard was the cause. It's an older ASUS motherboard, P8H67-V.  After googling around a bit, I found people talking about ASUS motherboards and coil whine when power-saving features are on in the BIOS . The so-called "C-state...
Read more

Script for updating no-ip DDNS from behind the router

no-ip is my favourite dynamic DNS service, and I was saddened by the fact that my new Cisco EPC3825 cable modem didn't support it. I have a Linux server running, so my second option was to use that for updating the IP. All I needed was a script to do it for me, from inside the LAN of my home. Problem is, my server is in a LAN with an internal IP, while I need it to update no-ip.org with the IP address of my cable modem. It was made possible by 1) no-ip - maybe the best free dynamic DNS? 2) ifconfig.me - an AWESOME site for figuring out your IP in linux 3) some scripting skills 4) cron First, have an account at no-ip.org ready, so sign in and create an account if you haven't done it yet. Install curl and wget: apt-get install curl wget Install also the no-ip client (more info at their help site ): cd /usr/local/src wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz tar xzf noip-duc-linux.tar.gz cd no-ip-2.1.9 make make install Now...
Read more

Minecraft recv failed error... fixed!

Image
OK. A lot of people seem to have this problem. Finally, I managed to fix it for myself! This problem is quite common with Minecraft Survival Multiplayer. Basically, the problem goes like this: you connect to a server, maybe manage to do something for some minutes, and then you eventually hang up with the message: Internal exception: java.netSocketException: Software caused connection abort: recv failed For some, this comes instantly. Some fall straight into the void and cannot communicate through the chat, although they see the others talk. Some even get to mine something for a while. But then it all ends with this message. It seems that this problem is due to two things: certain integrated network adapters and their old / buggy drivers, and the current buggy state of Minecraft multiplayer mode. Also, some people report that the problem may occur due to incorrect port forwarding. With me, this was not the case. Solutions that work for some people (but didn't work...
Read more

How to find the ScummVM game folder on Android

Image
Finding stuff on the Android ScummVM app is not the most intuitive process, but it pays out! Finding the game folder on Android ScummVM is not very straightforward, so I decided to write this quick guide. I already wrote a guide on how to install and play Curse of Monkey Island on Android , but didn't elaborate on how to find the game folder on the app. Firstly, ScummVM is an awesome open-source collection of game engines capable of running many old point & click classics . In addition to the first three Monkey Island games, you can play Blade Runner, Broken Sword, Day of the Tentacle, Elvira, Full Throttle, Gabriel Knight, Grim Fandango, Indiana Jones, King's Quest, Kyrandia, Lands of Lore, Leisure Suit Larry, Longest Journey, Loom, Myst, Police Quest, Quest for Glory, Sam & Max, Simon the Sorcerer, Space Quest, The Dig, Ultima, Waxworks... the list goes on and on! So, you have transferred the game folder of your game on your phone using USB file transfer or by copyin...
Read more