Help me setup iptables plis

File: thefrench.jpg (131KB, 612x842px) Image search: [Google]

131KB, 612x842px

>>62212178
no

>>62212178
just use ufw

# iptables -A OUTPUT -j REJECT

File: 1502181592075.png (597KB, 714x528px)

597KB, 714x528px

>>62212178
more or less what I use

#PRECONFIGURE, flush and create logging table
iptables -F
iptables -N LOGGING


#INPUT
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -t filter -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT


#drop a bunch of broadcast/udp trash from winbabs on my subnet
iptables -t filter -A INPUT -p udp -m multiport --ports 27036 -j DROP

iptables -t filter -A OUTPUT -p udp -d your.net.here.255 -j DROP
iptables -t filter -A OUTPUT -p udp -d 255.255.255.255 -j DROP

#LOGGING
iptables -t filter -A INPUT -j LOGGING
#drop some stuff that through experience has high volumes and would spam up logfile
#ditch the rules if you do not have others on your subnet so to log it I guess
#local peer discovery
iptables -t filter -A LOGGING -p udp -s your.net.here.0/24 -d 239.192.152.143 -j DROP
#broadcast
iptables -t filter -A LOGGING -p udp -s your.net.here.0/24 -d your.net.here.255 -j DROP
#broadcast
iptables -t filter -A LOGGING -p udp -s your.net.here.0/24 -d 255.255.255.255 -j DROP
#multicast
iptables -t filter -A LOGGING -s your.net.here.0/24 -d 224.0.0.0/24 -j DROP

#rate limiting
#iptables -t filter -A LOGGING -m limit --limit 20/min --limit-burst 10 -j LOG --log-prefix "IPD: " --log-level 4
#label it in /var/log/messages
iptables -t filter -A LOGGING -j LOG --log-prefix "IPD: " --log-level 4
#drop logged stuff, I guess you could set up more intricate rules to also log accepted things
iptables -t filter -A LOGGING -j DROP


#CLEANUP, print and save etc
iptables -L -v
/etc/init.d/iptables save
/etc/init.d/iptables restart