[clug] iptables on R Pi
Logan Ryan McLintock
u4955237 at anu.edu.au
Tue Aug 6 05:19:00 MDT 2013
Hello fellow CLUG genii,
I am a newbie, and I would like to find a good way to set the iptables (firewall) for a Debian (Raspbian) Raspberry Pi. I am using the latest release.
I have managed to 'drop' everything by changing the rc.local file, but I was wondering two things:
1) is there a better file to put the commands in, or is rc.local 'correct'?
2) what is a better configuration (besides dropping it like it's hot) for a standard R Pi 'desktop using ether Internet' - not a server?
What I have done is shown below -- Sorry for the pile of commands, I just thought it would make more sense.
PS. I searched the Internet, but it quickly gets confusing as there are lots of different distros and servers etc.
Thank you lots,
C u on Thursday
Logan -) cyclops
%%%%%%%%%%%%% my commands %%%%%%%%%%%%%%%%
root@raspberrypi:/home/pi# iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
root@raspberrypi:/home/pi#
root@raspberrypi:/home/pi# iptables -P INPUT DROP
root@raspberrypi:/home/pi# iptables -P FORWARD DROP
root@raspberrypi:/home/pi# iptables -P OUTPUT DROP
root@raspberrypi:/home/pi#
root@raspberrypi:/home/pi# iptables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
root@raspberrypi:/home/pi#
root@raspberrypi:/home/pi# cd /etc
root@raspberrypi:/etc# iptables-save > /etc/iptables.conf
root@raspberrypi:/etc# cat iptables.conf
# Generated by iptables-save v1.4.14 on Fri Jul 26 14:17:19 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT
# Completed on Fri Jul 26 14:17:19 2013
root@raspberrypi:/etc#
root@raspberrypi:/etc#
root@raspberrypi:/etc# cat rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
# Print the IP address
_IP=$(hostname -I) || true
if [ "$_IP" ]; then
printf "My IP address is %s\n" "$_IP"
fi
exit 0
root@raspberrypi:/etc#
root@raspberrypi:/etc#
root@raspberrypi:/etc# leafpad /etc/rc.local
root@raspberrypi:/etc#
root@raspberrypi:/etc# cat rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# Load iptables rules from this file
iptables-restore < /etc/iptables.conf
# Print the IP address
_IP=$(hostname -I) || true
if [ "$_IP" ]; then
printf "My IP address is %s\n" "$_IP"
fi
exit 0
root@raspberrypi:/etc#
root@raspberrypi:/etc# reboot
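
The ruleset saved in the message above sets all three chain policies to DROP and contains no rules. As an added example that is not part of the original post, the script below lints a file in iptables-save format for the gaps that leaves on a desktop, and prints a ruleset that closes them; the function names `desktop_rules` and `lint_rules` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# desktop_rules: print a ruleset in iptables-restore format for a desktop host:
# default-deny inbound and forwarded traffic, allow everything outbound.
desktop_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# lint_rules FILE: print one line per gap; exit status is the number of gaps.
lint_rules() {
    f=$1; n=0
    in_pol=$(sed -n 's/^:INPUT \([A-Z]*\).*/\1/p' "$f")
    out_pol=$(sed -n 's/^:OUTPUT \([A-Z]*\).*/\1/p' "$f")
    if [ "$in_pol" != DROP ]; then
        echo "INPUT policy is ${in_pol:-unset}: unsolicited inbound traffic is accepted"
        n=$((n + 1))
    else
        if ! grep -q '^-A INPUT .*-i lo .*-j ACCEPT' "$f"; then
            echo "INPUT drops loopback: programs talking to 127.0.0.1 break"
            n=$((n + 1))
        fi
        if ! grep -q '^-A INPUT .*ESTABLISHED.*-j ACCEPT' "$f"; then
            echo "INPUT drops replies: no ESTABLISHED,RELATED accept rule"
            n=$((n + 1))
        fi
    fi
    if [ "$out_pol" = DROP ] && ! grep -q '^-A OUTPUT .*-j ACCEPT' "$f"; then
        echo "OUTPUT drops everything: DNS, DHCP and NTP cannot leave the host"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed input: the policy-only ruleset from the post's iptables.conf.
tmp=$(mktemp)
printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
    ':OUTPUT DROP [0:0]' 'COMMIT' > "$tmp"
lint_rules "$tmp" || echo "gaps found: $?"
desktop_rules > "$tmp"
lint_rules "$tmp" && echo "desktop ruleset: no gaps"
rm -f "$tmp"
```

`iptables-restore --test < FILE` parses a ruleset without applying it. On Debian, loading the file from a script in `/etc/network/if-pre-up.d/` (or with the `iptables-persistent` package) applies it before the interface comes up, whereas `rc.local` runs at the end of boot.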