How to set firewall rules on Linux

WBOY
Release: 2023-07-05 22:13:05

The firewall is an important part of protecting computer network security. It can monitor and filter network data packets and protect the system from malicious attacks. On the Linux operating system, we can use the iptables command to set firewall rules to control the flow of data packets.

This article will introduce how to set up firewall rules on Linux to control input, output and forwarding of data packets.

  1. View current firewall rules

Before we begin, let’s first check the existing firewall rules in the current system. You can use the following command:

iptables -L

This command will list the current firewall rules, including the rules of the INPUT (input), OUTPUT (output) and FORWARD (forward) chains.

  2. Set default rules

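By default, the policy of each chain is ACCEPT, so packets that match no rule are accepted. We can set default policies to determine how such packets are handled. For example, the following commands drop all incoming packets, accept all outgoing packets, and drop all forwarded packets. If you are connected over SSH, add the rule that allows your connection (see the "Add rules" section below) before setting the INPUT policy to DROP, otherwise the session is cut off.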

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

The "-P" parameter sets the default policy of a chain, which applies to packets that match no rule in that chain. "ACCEPT" lets the packet through, and "DROP" discards it silently, without sending any reply to the sender.

  3. Add rules

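Next we can add specific firewall rules. The "-A" parameter appends a rule to the end of a chain. Rules are checked from top to bottom, and the first matching rule decides what happens to the packet. The following are a few simple rule examples: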

1) Allow packets from a certain IP address to pass:

iptables -A INPUT -s 192.168.0.100 -j ACCEPT

This command will allow packets from the 192.168.0.100 address to pass.

2) Drop packets from a certain IP address:

iptables -A INPUT -s 192.168.0.100 -j DROP

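This command will silently drop packets from the 192.168.0.100 address. If it is appended after the ACCEPT rule from example 1, it never takes effect, because the earlier rule matches first.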

3) Allow data packets of a certain port to pass:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

This command will allow TCP packets addressed to port 22 (the SSH service) to pass.

4) Allow data packets from a certain network segment to pass:

iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT

This command will allow data packets from the 192.168.0.0/24 network segment to pass.

  4. Save rules

After we add the rules, we can use the following command to save the rules to the configuration file so that they will take effect after the system is restarted:

iptables-save > /etc/sysconfig/iptables

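This command saves the current firewall rules to the /etc/sysconfig/iptables file. That path is the one read at boot by the iptables service on Red Hat family distributions; Debian and Ubuntu systems with the iptables-persistent package read /etc/iptables/rules.v4 instead.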

  5. Delete rules

If you need to delete existing firewall rules, you can use the following command:

iptables -D CHAIN RULE_NUMBER

where "CHAIN" is the chain to delete the rule from and "RULE_NUMBER" is the number of the rule within that chain. You can use the iptables -L command with the --line-numbers option to view the rule numbers.

  6. Clear rules

If you need to clear all firewall rules, you can use the following command:

iptables -F
iptables -X

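The "-F" parameter clears all rules in every chain, and the "-X" parameter deletes user-defined chains. Neither command resets the default policies: if the INPUT policy is still DROP after the rules are cleared, all incoming packets are dropped, so set the policy back to ACCEPT with "-P" first if you need to keep remote access.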
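
An added example, not part of the original article: a shell function that audits rules in the format printed by iptables -S for two problems the steps above can produce. It flags a rule that can never match because an earlier rule with the same match already decided the packet (examples 1 and 2 under "Add rules"), and an INPUT DROP policy with no accept rule for loopback or established connections. The function name, the finding labels and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit rules in `iptables -S` format.
# Constructed sample: the article's policies and rules as `iptables -S` lists them.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -s 192.168.0.100/32 -j ACCEPT
-A INPUT -s 192.168.0.100/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -j ACCEPT'

# audit_rules (hypothetical helper): read rules on stdin, print one finding per line.
# Only exact duplicate matches are detected; a rule hidden behind a broader
# earlier rule (for example a /24 placed before a /32) is not.
audit_rules() {
    awk '
    $1 == "-P" { policy[$2] = $3; next }
    $1 == "-A" {
        chain = $2; num[chain]++
        spec = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            spec = spec " " $i
        }
        key = chain SUBSEP spec
        if (key in first)
            printf "SHADOWED %s rule %d (%s) repeats the match of rule %d (%s)\n",
                chain, num[chain], target, first[key], verdict[key]
        else if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            # Only terminating targets stop evaluation; LOG and similar do not.
            first[key] = num[chain]; verdict[key] = target
        }
        if (chain == "INPUT" && target == "ACCEPT") {
            if (spec ~ /ESTABLISHED/) established = 1
            if (spec ~ /-i lo( |$)/) loopback = 1
        }
    }
    END {
        if (policy["INPUT"] != "DROP") exit
        if (!established) print "MISSING INPUT accept for ESTABLISHED connections (replies to outbound traffic are dropped)"
        if (!loopback) print "MISSING INPUT accept for -i lo (local services cannot talk over loopback)"
    }'
}

audit_rules <<EOF
$SAMPLE_RULES
EOF
```

On a live system the same function can read the real ruleset with `iptables -S | audit_rules`, which requires root.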

Summary:

This article explains how to set up firewall rules on Linux. By viewing current rules, setting default rules, adding rules, saving rules and other steps, we can effectively protect system security. However, it should be noted that when setting firewall rules, make sure that necessary network connections are not blocked, otherwise the system may not work properly.

source:php.cn