iptables is the Linux firewall tool that lets you secure your Ubuntu VPS by defining rules for inbound and outbound network traffic. Here are the steps to secure your Ubuntu VPS with the iptables firewall:

1. Open a terminal on your Ubuntu VPS.

2. Check the current status of the iptables firewall using the following command:


sudo iptables -L

This will display the current rules for the firewall.

3. Create iptables rules that block all incoming traffic except for the ports that you want to allow. For example, if you want to allow incoming traffic on ports 22 (SSH), 80 (HTTP), and 443 (HTTPS), use the following commands:


sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -P INPUT DROP

The first command allows traffic on the loopback interface. The second command allows traffic that belongs to, or is related to, an established connection. The next three commands allow traffic on ports 22, 80, and 443. The last command sets the default policy for incoming traffic to "DROP", which means that all traffic not matched by one of the rules above is blocked by default. The policy is set last so that an SSH session used to type these commands is not cut off before the ACCEPT rules exist.

4. Save the iptables rules using the following command:


sudo sh -c 'iptables-save > /etc/iptables.rules'

This will save the current iptables rules to the "/etc/iptables.rules" file.

5. Enable iptables on boot by creating a new systemd service file. Use the following command to create the file:


sudo nano /etc/systemd/system/iptables.service

Add the following lines to the file:


[Unit]
Description=IPv4 firewall with iptables

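[Service]
Type=oneshot
# Keep the unit active after ExecStart exits so that ExecStop runs on stop or shutdown
RemainAfterExit=yes
ExecStart=/sbin/iptables-restore /etc/iptables.rules
ExecReload=/sbin/iptables-restore /etc/iptables.rules
ExecStop=/sbin/iptables-save -f /etc/iptables.rules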

[Install]
WantedBy=multi-user.target

Save the file and close the editor.

6. Enable the iptables service using the following command:


sudo systemctl enable iptables.service

7. Reload the systemd daemon using the following command:


sudo systemctl daemon-reload

8. Start the iptables service using the following command:


sudo systemctl start iptables.service

9. Check the status of the iptables service using the following command:


sudo systemctl status iptables.service

This should display the status of the iptables service, indicating that it is running.

That's it! Now, you have secured your Ubuntu VPS with the Linux iptables firewall.
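
Because the service from step 5 restores whatever is in /etc/iptables.rules on every boot, it is worth checking that the saved file really contains the policy from step 3 before relying on it. The following script is an added example, not part of the original article; the function names `audit_rules` and `sample_rules` and the sample dump are constructed for illustration.

```shell
# Audit an iptables-save dump (stdin) against the policy from step 3.
# Usage on the VPS: audit_rules "22 80 443" < /etc/iptables.rules
audit_rules() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^\*/ { table = substr($0, 2) }              # table header, e.g. *filter
        table != "filter" { next }
        /^:INPUT / { policy = $2 }                    # chain line ":INPUT DROP [0:0]"
        /^-A INPUT / {
            if ($0 !~ /-j ACCEPT$/) next              # only ACCEPT rules open access
            if ($0 ~ /-i lo /) { lo = 1; next }
            if ($0 ~ /--ctstate [A-Z,]*ESTABLISHED/) { est = 1; next }
            port = ""
            for (i = 1; i < NF; i++) if ($i == "--dport") port = $(i + 1)
            if (port == "") { print "FAIL: ACCEPT rule without --dport: " $0; bad = 1 }
            else if (port in want) seen[port] = 1
            else { print "FAIL: unexpected open port " port; bad = 1 }
        }
        END {
            if (policy != "DROP") { print "FAIL: INPUT policy is " (policy ? policy : "missing"); bad = 1 }
            if (!lo)  { print "FAIL: no loopback ACCEPT rule"; bad = 1 }
            if (!est) { print "FAIL: no ESTABLISHED,RELATED rule"; bad = 1 }
            for (p in want) if (!(p in seen)) { print "FAIL: port " p " is not allowed"; bad = 1 }
            if (!bad) print "OK: rules match the intended policy"
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample dump: $1 = INPUT policy, $2 = third TCP port to open.
sample_rules() {
    cat <<EOF
*filter
:INPUT $1 [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport $2 -j ACCEPT
COMMIT
EOF
}

sample_rules DROP 443 | audit_rules "22 80 443"              # matches step 3
sample_rules ACCEPT 3306 | audit_rules "22 80 443" || true   # drifted rule set
```

The check treats any ACCEPT rule on INPUT other than the ones from step 3 as a failure, so extend the allowed port list when you deliberately open another service.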
