{"id":358,"date":"2010-02-25T15:44:33","date_gmt":"2010-02-25T13:44:33","guid":{"rendered":"http:\/\/www.shukko.com\/x3\/2010\/02\/25\/howto_quick_n_dirty_iptables-based_firewall-for-your-openvz-based-vps\/"},"modified":"2010-02-25T15:44:33","modified_gmt":"2010-02-25T13:44:33","slug":"howto_quick_n_dirty_iptables-based_firewall-for-your-openvz-based-vps","status":"publish","type":"post","link":"https:\/\/www.shukko.com\/x3\/2010\/02\/25\/howto_quick_n_dirty_iptables-based_firewall-for-your-openvz-based-vps\/","title":{"rendered":"HOWTO: Quick n&#8217; Dirty IPTables-Based Firewall &#8212; For your OpenVZ based VPS"},"content":{"rendered":"<h1>Abstract<\/h1>\n<p>The following is a Quick n&#8217; Dirty method of implementing a very simple firewall. This HOWTO is a general compilation of suggested firewall tips.<\/p>\n<h1>Let&#8217;s Get Dirty<\/h1>\n<h3>Locate IPTables<\/h3>\n<p>Depending on your VPS, first locate iptables (the path it prints goes into the IPTABLES variable of the script below):<\/p>\n<pre>[root@vps \/]# which iptables\r\n<\/pre>\n<h3>Create IP Based Accept\/Deny<\/h3>\n<p>Create a whitelist (IP passes through firewall) or blacklist (packets from IP always dropped) if you wish:<\/p>\n<pre>[root@vps \/]# vi \/usr\/local\/etc\/whitelist.txt\r\n<\/pre>\n<p>And\/Or&#8230;<\/p>\n<pre>[root@vps \/]# vi \/usr\/local\/etc\/blacklist.txt\r\n<\/pre>\n<p>In each file, add one IP per line; lines beginning with # are skipped, so they can be used for comments. For instance:<\/p>\n<pre>4.2.2.2\r\n66.35.15.20\r\n<\/pre>\n<h3>firewall.sh Script<\/h3>\n<p>Then put the following in \/etc\/init.d\/firewall.sh, and edit to fit your needs. The whitelist is checked before the blacklist, so an address listed in both is accepted. Inside an OpenVZ container the -m state match only works if the host has enabled the connection-tracking modules for your container (ipt_state and ipt_conntrack in the container&#8217;s IPTABLES setting); if that rule fails with an error, ask your provider to enable them.<\/p>\n<pre>#!\/bin\/sh\r\n#\r\n## Quick n Dirty Firewall\r\n#\r\n## List Locations\r\n#\r\n\r\nWHITELIST=\/usr\/local\/etc\/whitelist.txt\r\nBLACKLIST=\/usr\/local\/etc\/blacklist.txt\r\n\r\n#\r\n## Specify the TCP and UDP ports you wish to open.\r\n#\r\n\r\nALLOWED=\"22 25 53 80 443 465 587 993\"\r\n\r\n#\r\n## Specify where IP Tables is located (see: which iptables)\r\n#\r\n\r\nIPTABLES=\/sbin\/iptables\r\n\r\n#\r\n## Clear current rules: flush, delete user chains, zero counters\r\n#\r\n\r\necho 'Clearing Tables F'\r\n$IPTABLES -F\r\necho 'Clearing Tables X'\r\n$IPTABLES -X\r\necho 'Clearing Tables Z'\r\n$IPTABLES -Z\r\n\r\n#\r\n## Allow localhost. Match the loopback interface rather than a\r\n## source address of 127.0.0.1, so a packet arriving from the\r\n## network with a spoofed 127.0.0.1 source does not match this rule.\r\n#\r\n\r\necho 'Allowing Localhost'\r\n$IPTABLES -A INPUT -t filter -i lo -j ACCEPT\r\n\r\n#\r\n## Whitelist (checked before the blacklist, so it wins)\r\n## Blank lines and lines starting with # are skipped.\r\n#\r\n\r\nfor x in $(grep -v '^#' \"$WHITELIST\" 2&gt;\/dev\/null | awk 'NF {print $1}'); do\r\n        echo \"Permitting $x...\"\r\n        $IPTABLES -A INPUT -t filter -s \"$x\" -j ACCEPT\r\ndone\r\n\r\n#\r\n## Blacklist\r\n#\r\n\r\nfor x in $(grep -v '^#' \"$BLACKLIST\" 2&gt;\/dev\/null | awk 'NF {print $1}'); do\r\n        echo \"Denying $x...\"\r\n        $IPTABLES -A INPUT -t filter -s \"$x\" -j DROP\r\ndone\r\n\r\n#\r\n## Permitted Ports\r\n#\r\n\r\nfor port in $ALLOWED; do\r\n        echo \"Accepting port TCP $port...\"\r\n        $IPTABLES -A INPUT -t filter -p tcp --dport \"$port\" -j ACCEPT\r\ndone\r\n\r\nfor port in $ALLOWED; do\r\n        echo \"Accepting port UDP $port...\"\r\n        $IPTABLES -A INPUT -t filter -p udp --dport \"$port\" -j ACCEPT\r\ndone\r\n\r\n#\r\n## Replies to connections this host opened, ICMP (ping, path MTU\r\n## discovery), then drop everything else. A final unconditional DROP\r\n## is used instead of dropping only UDP and TCP SYNs: otherwise stray\r\n## non-SYN TCP segments and other protocols fall through to the\r\n## default ACCEPT policy of the INPUT chain.\r\n#\r\n\r\n$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\r\n$IPTABLES -A INPUT -p icmp -j ACCEPT\r\n$IPTABLES -A INPUT -j DROP\r\n<\/pre>\n<h3>Start Firewall<\/h3>\n<p>Make sure the port your own SSH session uses is in ALLOWED (22 is there by default) and keep your provider&#8217;s console handy in case you lock yourself out, then:<\/p>\n<pre>[root@vps \/]# chmod 700 \/etc\/init.d\/firewall.sh\r\n[root@vps \/]# \/etc\/init.d\/firewall.sh\r\n<\/pre>\n<p>Check the result with iptables -L -n -v. Note that placing the script in \/etc\/init.d\/ does not by itself run it at boot, and iptables rules are lost on reboot: call the script from \/etc\/rc.local or register it with your distribution&#8217;s init tools so it runs on every start.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Abstract The following is a Quick n&#8217; Dirty method of implementing a very simple firewall. This HOWTO is a general compilation of suggested firewall tips. 
Let&#8217;s Get Dirty Locate IPTables Depending on your VPS, first locate iptables: [root@vps \/]# which iptables Create IP Based Accept\/Deny Create a whitelist (IP passes through firewall) or [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-358","post","type-post","status-publish","format-standard","hentry","category-kategerisiz"],"_links":{"self":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/comments?post=358"}],"version-history":[{"count":0,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/358\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/media?parent=358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/categories?post=358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/tags?post=358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
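An added example, not part of the HOWTO above: a dry run to perform before executing firewall.sh. The HOWTO script hands every non-comment line of whitelist.txt and blacklist.txt straight to iptables, so a stray option or a typo in those files becomes part of a rule. This script validates each entry as an IPv4 address or CIDR prefix, reports and skips anything else, and prints the rule set in the same order the HOWTO applies it (loopback, whitelist, blacklist, ports, established, ICMP, final drop) without touching the live tables. The function names is_ipv4, list_entries and build_rules, and the sample list contents in demo(), are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO: validate the whitelist /
# blacklist files and print the rule set firewall.sh would apply, in the
# same order, without touching the live tables. The function names and the
# sample list contents in demo() are this example's own.
set -f   # no pathname expansion: list entries are never glob patterns

# is_ipv4 ADDR[/PREFIX]: return 0 for a dotted quad with an optional /0-32
# prefix, 1 otherwise. Only digits, dots and the prefix are accepted, so a
# line such as "-j ACCEPT" can never be spliced into an iptables command.
is_ipv4() {
    addr=${1%%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no "/" given
    case "$prefix" in ''|*[!0-9]*) return 1;; esac
    [ "$prefix" -le 32 ] || return 1
    rest=$addr.                                # trailing dot terminates the loop
    n=0
    while [ -n "$rest" ]; do
        o=${rest%%.*}
        rest=${rest#*.}
        case "$o" in ''|*[!0-9]*) return 1;; esac
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# list_entries FILE: print the valid entries, one per line. Blank lines and
# '#' comments (whole line or trailing) are ignored; anything that is not a
# valid IPv4 address or CIDR is reported on stderr and skipped.
list_entries() {
    file=$1
    [ -r "$file" ] || return 0
    while IFS= read -r line || [ -n "$line" ]; do
        set -- ${line%%#*}                      # drop comment, split fields
        [ -n "${1:-}" ] || continue
        if is_ipv4 "$1"; then
            printf '%s\n' "$1"
        else
            printf 'skipping bad entry in %s: %s\n' "$file" "$line" >&2
        fi
    done < "$file"
}

# build_rules WHITELIST BLACKLIST "PORTS": one iptables command per line, in
# HOWTO order: flush, loopback, whitelist, blacklist, ports, established,
# ICMP, final drop. Nothing is executed.
build_rules() {
    wl=$1; bl=$2; ports=$3
    echo "iptables -F"
    echo "iptables -X"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    for ip in $(list_entries "$wl"); do
        echo "iptables -A INPUT -s $ip -j ACCEPT"
    done
    for ip in $(list_entries "$bl"); do
        echo "iptables -A INPUT -s $ip -j DROP"
    done
    for p in $ports; do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
        echo "iptables -A INPUT -p udp --dport $p -j ACCEPT"
    done
    echo "iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -A INPUT -p icmp -j ACCEPT"
    echo "iptables -A INPUT -j DROP"
}

# demo: constructed sample lists, including a bad octet and an injected
# iptables option, to show what gets through and what is rejected.
demo() {
    tmp=$(mktemp -d)
    printf '4.2.2.2\n# office range\n66.35.15.20 # mail relay\n10.0.0.0/8\n' > "$tmp/whitelist.txt"
    printf '198.51.100.7\n256.1.1.1\n-j ACCEPT\n' > "$tmp/blacklist.txt"
    build_rules "$tmp/whitelist.txt" "$tmp/blacklist.txt" "22 80 443"
    rm -rf "$tmp"
}

demo
```

Point build_rules at the real /usr/local/etc files and the ALLOWED string from firewall.sh, read the printed rules, and only then run the live script; afterwards iptables -L -n -v should show the same rules in the same order. The validation is deliberately strict (IPv4 only, no hostnames), because anything that passes it is interpolated unquoted into a command line that runs as root.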