Friday, December 21, 2012

Linux Firewall Important Rule Commands


Firewall Builder is a GUI firewall tool that shows the whole firewall policy as a structured rule view. You can install it by following this link:
https://help.ubuntu.com/community/DynamicFirewall

You can also install the Firestarter firewall by executing:
apt-get install firestarter

#Export the firewall rules to a text file
iptables-save > rules.txt

#Restore the firewall rules from a text file (note: restoring replaces all of your existing firewall rules)
iptables-restore < rules.txt

#Check the firewall rules
iptables -L -n -v

#List the rules of a chain with their line numbers
INPUT ==> iptables -L INPUT --line-numbers
OUTPUT ==> iptables -L OUTPUT --line-numbers
FORWARD ==> iptables -L FORWARD --line-numbers

#Delete a particular firewall rule from a particular chain
Step 1: First check the line numbers with the commands above
Step 2: Execute this command in your terminal ==> iptables -D CHAIN-NAME LINE-NUMBER
LIKE: for the INPUT chain ==> iptables -D INPUT 13
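The line numbers that "iptables -L CHAIN --line-numbers" prints are simply the order of that chain's "-A CHAIN ..." lines inside one table of an iptables-save dump, so the rules.txt file exported above is enough to work out which number to pass to "iptables -D". The script below is an added example, not part of the original post: it parses a constructed dump (including a nat table whose INPUT chain must not be counted), numbers the rules of a chain, and builds the delete command for the first rule matching a fixed string. The sample rules and the function names are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the original post): parse an iptables-save dump
# and work out the line number that "iptables -L CHAIN --line-numbers"
# would show for a rule, so it can be removed with "iptables -D CHAIN N".
# Within one table, the "-A CHAIN ..." lines appear in rule order, and
# that order is exactly what the line numbers count.

# Constructed sample dump, in the format iptables-save writes to rules.txt.
# The *nat table has its own INPUT chain; its rules must be ignored when
# numbering the filter table's INPUT chain.
SAMPLE_DUMP=$(cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
COMMIT
EOF
)

# Print "N rule" for every rule of CHAIN in TABLE (default filter),
# numbered the way "iptables -L CHAIN --line-numbers" numbers them.
list_chain_rules() {
  dump=$1; chain=$2; table=${3:-filter}
  printf '%s\n' "$dump" | awk -v chain="$chain" -v table="$table" '
    /^\*/ { cur = substr($1, 2); next }          # "*filter" starts a table
    cur == table && $1 == "-A" && $2 == chain {
      n++
      sub(/^-A [^ ]+ /, "")                       # strip the "-A CHAIN " prefix
      printf "%d %s\n", n, $0
    }'
}

# Print the line number of the first rule of CHAIN whose text contains
# PATTERN (a fixed string such as "--dport 443"); exit 1 if none matches.
rule_number() {
  dump=$1; chain=$2; pattern=$3; table=${4:-filter}
  printf '%s\n' "$dump" | awk -v chain="$chain" -v table="$table" -v pat="$pattern" '
    /^\*/ { cur = substr($1, 2); next }
    cur == table && $1 == "-A" && $2 == chain {
      n++
      if (index($0, pat)) { print n; found = 1; exit }
    }
    END { exit found ? 0 : 1 }'
}

# Build the exact delete command for the matching rule (step 2 above).
delete_rule_cmd() {
  n=$(rule_number "$1" "$2" "$3" "${4:-filter}") || return 1
  printf 'iptables -D %s %s\n' "$2" "$n"
}

# Usage: list INPUT with line numbers, then show how to delete the 443 rule.
list_chain_rules "$SAMPLE_DUMP" INPUT
delete_rule_cmd "$SAMPLE_DUMP" INPUT '--dport 443'
```

Run it against a real export with `rule_number "$(cat rules.txt)" INPUT '--dport 443'`. Check the number immediately before deleting: every rule deleted or inserted above the match shifts the numbers of the rules below it, which is why the post's step 1 and step 2 belong together.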


#FTP ports (21 control, 20 data)
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT

#Open ports 80 and 443 (HTTP and HTTPS)
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

#UDP ports for a SIP server
iptables -A INPUT -p udp --dport 5060 -j ACCEPT
iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT

#VPN server firewall rules (PPTP, port 1723)
iptables -A INPUT -i eth1 -p tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 1723 -j ACCEPT

#CoovaChilli hotspot ports
iptables -I INPUT -i lo -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 4990 --syn -j ACCEPT

#Other ports for the CoovaChilli hotspot (if you face any issue, check these ports too; DNS 53 and DHCP 67:68 normally use UDP, so add matching -p udp rules if those services need them)
iptables -I INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 67:68 --syn -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 3306 --syn -j ACCEPT

#Accept SSH: the first rule only on tun0 (to 192.168.3.1), the second rule on all interfaces
iptables -I INPUT -i tun0 -p tcp -m tcp --dport 22 --dst 192.168.3.1 -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
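The rules above are appended one at a time, and the post never states the chain's default policy or a connection-tracking rule, so the result depends on whatever was already loaded. The script below is an added example, not from the original post: it applies the same kind of port openings as one ordered ruleset and goes beyond the post by adding the loopback, ESTABLISHED/RELATED and INVALID rules and a default DROP policy, switched on only after the service rules are in place so a remote SSH session is not cut off. The port lists and the DRY_RUN variable are assumptions for the example; by default it only prints the commands for review.

```shell
#!/bin/sh
# Added example (not from the original post): apply the post's kind of
# port-opening rules as one ordered ruleset instead of ad hoc commands.
# Order matters: loopback and ESTABLISHED/RELATED first, then the allowed
# services, and only then switch the INPUT policy to DROP, so an SSH
# session used to run the script is never cut off.
#
# DRY_RUN=1 (the default) prints the iptables commands for review; run
# with DRY_RUN=0 as root to apply them and export them to rules.txt.
DRY_RUN=${DRY_RUN:-1}

# Ports are assumptions for the example; adjust them to the services you run.
TCP_PORTS="22 80 443"            # SSH, HTTP, HTTPS
UDP_PORTS="5060 10000:20000"     # SIP signalling and its media range

# Wrapper: print the command in dry-run mode, otherwise execute it.
ipt() {
  if [ "$DRY_RUN" = 1 ]; then
    printf 'iptables %s\n' "$*"
  else
    iptables "$@"
  fi
}

build_ruleset() {
  ipt -P INPUT ACCEPT          # keep access open while the chain is rebuilt
  ipt -F INPUT                 # start from an empty INPUT chain
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  ipt -A INPUT -m state --state INVALID -j DROP
  for p in $TCP_PORTS; do
    ipt -A INPUT -m state --state NEW -p tcp --dport "$p" -j ACCEPT
  done
  for p in $UDP_PORTS; do
    ipt -A INPUT -p udp --dport "$p" -j ACCEPT
  done
  ipt -P INPUT DROP            # last: anything not matched above is dropped
}

build_ruleset
if [ "$DRY_RUN" != 1 ]; then
  iptables-save > rules.txt    # the post's export step, so the set survives
fi
```

Review the printed list first, then run it with `DRY_RUN=0` as root. The script only rebuilds INPUT; OUTPUT and FORWARD keep their existing policy, and the flush removes any INPUT rule that is not in the port lists, so add the hotspot, VPN or FTP ports from the post to TCP_PORTS before applying it on such a host.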

