iptables on ubuntu 14.04.1 LTS

I had problems setting up iptables on Ubuntu, so I used a script to get it working and modified it for the specific ports I needed to be open.

#!/bin/sh

IPT="/sbin/iptables"

# Flush old rules, old custom tables
$IPT --flush
$IPT --delete-chain

# Set default policies for all three default chains
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP

# Enable free use of loopback interfaces
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# All TCP sessions should begin with SYN
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -s 192.168.0.0/24 -j DROP

# Accept inbound TCP packets
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -s 192.168.0.0/24 -j ACCEPT
# Accept inbound ICMP messages (echo request and time exceeded)
$IPT -A INPUT -p icmp --icmp-type 8 -s 192.168.0.0/24 -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 11 -s 192.168.0.0/24 -j ACCEPT
# Accept SNMP
$IPT -A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 161 -j ACCEPT
# RSYNC
$IPT -A INPUT -s 192.168.0.0/24 -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT
# NRPE
$IPT -A INPUT -s 192.168.0.0/24 -p tcp -m state --state NEW -m tcp --dport 5666 -j ACCEPT
# SMTP
$IPT -A INPUT -s 192.168.0.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

# Accept outbound packets
$IPT -I OUTPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 873 -m state --state NEW -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

Run the script with sh ./script
I also used iptables-persistent (apt-get install iptables-persistent).
Once the rules are loaded, you can check them with iptables -L
You need to save them to your v4 rules:

iptables-save > /etc/iptables/rules.v4

You won't need to restart iptables-persistent, but you can with /etc/init.d/iptables-persistent restart
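As an added example (not part of the original post), here is a small POSIX shell checker for an iptables-save dump, the kind of sanity check worth running before trusting a file as /etc/iptables/rules.v4. It confirms that all three built-in chains default to DROP and flags any INPUT ACCEPT rule that opens a port without an -s source restriction, which is exactly the mistake a host-scoped ruleset like the one above is meant to avoid. The embedded sample dump is constructed, and it includes a deliberately unrestricted port 8080 rule so the check has something to catch; the function names are my own, not anything from iptables or iptables-persistent.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check an iptables-save
# dump. Runs offline against a constructed sample; pass a real dump file as
# $1 to check it instead.

# Constructed sample of what `iptables-save` prints after loading rules
# similar to the post's script, plus one bad rule (port 8080 open to all).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp ! --syn -m state --state NEW -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
COMMIT'

# chain_policy DUMP CHAIN -> prints the default policy of CHAIN (e.g. DROP)
chain_policy() {
    printf '%s\n' "$1" | awk -v c=":$2" '$1 == c { print $2; exit }'
}

# open_input_ports DUMP -> prints the --dport of every INPUT ACCEPT rule
open_input_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
        }'
}

# unrestricted_input_accepts DUMP -> prints INPUT ACCEPT rules that open a
# port (--dport) but carry no -s source restriction
unrestricted_input_accepts() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ && /--dport/ && !/ -s / { print }'
}

# check_dump DUMP -> returns 0 if all three chains default to DROP and no
# unrestricted port is open; otherwise reports on stderr and returns 1
check_dump() {
    rc=0
    for chain in INPUT FORWARD OUTPUT; do
        pol=$(chain_policy "$1" "$chain")
        if [ "$pol" != "DROP" ]; then
            echo "policy for $chain is '$pol', expected DROP" >&2
            rc=1
        fi
    done
    bad=$(unrestricted_input_accepts "$1")
    if [ -n "$bad" ]; then
        echo "INPUT ACCEPT rules without a source restriction:" >&2
        echo "$bad" >&2
        rc=1
    fi
    return $rc
}

if [ -n "$1" ]; then
    check_dump "$(cat "$1")" || echo "dump in $1 failed the check" >&2
else
    # The constructed sample is expected to fail because of the 8080 rule.
    check_dump "$SAMPLE_RULES" || echo "sample dump failed the check (expected)" >&2
fi
```

Run it as `sh check-rules.sh /etc/iptables/rules.v4` after `iptables-save`; an exit status of 1 with a listed rule means a port is reachable from any source, which in the post's setup is never intended. The check is deliberately strict about `-s` only for rules that open a port; the loopback and RELATED,ESTABLISHED rules legitimately have no source restriction and are left alone.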
