I saved my firewall rules (in
iptables-save format) to /etc/network/fwrules. My firewall rules are fairly specific to my setup, but the following might serve as a good starting point if you want to try this:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
And then I just saved the following to
/etc/network/if-pre-up.d/fw:
#!/bin/bash
iptables-restore < /etc/network/fwrules
(Be sure to make this file executable:
sudo chmod 755 /etc/network/if-pre-up.d/fw).This loads the firewall rules prior to bringing up the network interface, so that the firewall is in place by the time the network connection is active.
No comments:
Post a Comment