How to configure to allow Interfaces in IPtables

You would like to block all network traffic using iptables firewall under Debian GNU/Linux. This will block all incoming and outgoing traffic including Internet aka ADSL/ppp0 and it is highly recommend. The logic is block everything and allow only required traffic. This can be done with four simple commands:

# iptable -F
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD DROP

Please do not enter above command over remote ssh login session.

iptables -A INPUT -i lo -j ACCEPT

Suppose we have 2 separate interfaces, eth0 which is our internal LAN connection and ppp0 dialup modem (or maybe eth1 for a nic) which is our external internet connection. We may want to allow all incoming packets on our internal LAN but still filter incoming packets on our external internet connection. We could do this as follows:

 

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT

But be very careful - if we were to allow all packets for our external internet interface (for example, ppp0 dialup modem):

 

iptables -A INPUT -i ppp0 -j ACCEPT

, , , , , , , , , , , , , , , , , , , ,

Linux



Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Categories

Recent Posts