[clug] iptables on R Pi

Logan Ryan McLintock u4955237 at anu.edu.au
Tue Aug 6 08:15:36 MDT 2013


Hi Jeff and David,

Your tips have helped with my googling, and I think I have found what I am after - how obvious but to be in the Debian help docs - such a rookie

https://wiki.debian.org/iptables

If I follow these instructions, but delete this line:

-A INPUT -p tcp -m state --state NEW --dport 30000 -j ACCEPT

as I don't want SSH,
then everything should be ok I think. I take it that 80 and 443 are just to let you surf the net? I will give it a go =)

PS. Just installed Trisquel, and I love it!!! -- I will be switching to it from Linux Mint 15 -- the only problem with Trisquel thus far is no Australian server so updates/software package installs are slow.

-)

On 06/08/2013, at 9:56 PM, jm <jeffm at ghostgun.com> wrote:

> 
> From memory there's a package called iptables-persistent or something similar that you can install to give you a consistent way to do this.
> 
> Jeff.
> 
> Logan Ryan McLintock wrote:
>> Hello fellow CLUG genii,
>> 
>> I am a newbie, and I would like to find a good way to set the iptables (firewall) for a Debian (Raspbian) Raspberry Pi. I am using the latest release.
>> 
>> I have managed to 'drop' everything by changing the
>> rc.local
>> file, but I was wondering two things;
>> 1) is there a better file to put the commands in, or is rc.local 'correct'
>> 2) what is a better configuration (besides dropping it like it's hot) for a standard R Pi 'desktop using ether Internet' - not a server
>> 
>> What I have done is shown below -- Sorry for the pile of commands, I just thought it would make more sense.
>> 
>> PS. I searched the Internet, but it quickly gets confusing as there are lots of different distros and servers etc.
>> 
>> Thank you lots,
>> 
>> C u on Thursday
>> 
>> Logan -) cyclops
>> 
>> %%%%%%%%%%%%% my commands %%%%%%%%%%%%%%%%
>> 
>> root@raspberrypi:/home/pi# iptables -L -n -v
>> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>> pkts bytes target     prot opt in     out     source   destination
>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>> pkts bytes target     prot opt in     out     source   destination
>> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>> pkts bytes target     prot opt in     out     source   destination
>> root@raspberrypi:/home/pi#
>> root@raspberrypi:/home/pi# iptables -P INPUT DROP
>> root@raspberrypi:/home/pi# iptables -P FORWARD DROP
>> root@raspberrypi:/home/pi# iptables -P OUTPUT DROP
>> root@raspberrypi:/home/pi#
>> root@raspberrypi:/home/pi# iptables -L -n -v
>> Chain INPUT (policy DROP 0 packets, 0 bytes)
>> pkts bytes target     prot opt in     out     source
>> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>> pkts bytes target     prot opt in     out     source
>> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
>> pkts bytes target     prot opt in     out     source
>> root@raspberrypi:/home/pi#
>> root@raspberrypi:/home/pi# cd /etc
>> 
>> root@raspberrypi:/etc# iptables-save > /etc/iptables.conf
>> root@raspberrypi:/etc# cat iptables.conf
>> # Generated by iptables-save v1.4.14 on Fri Jul 26 14:17:19 2013
>> *filter
>> :INPUT DROP [0:0]
>> :FORWARD DROP [0:0]
>> :OUTPUT DROP [0:0]
>> COMMIT
>> # Completed on Fri Jul 26 14:17:19 2013
>> root@raspberrypi:/etc#
>> root@raspberrypi:/etc#
>> root@raspberrypi:/etc# cat rc.local
>> #!/bin/sh -e
>> #
>> # rc.local
>> #
>> # This script is executed at the end of each multiuser runlevel.
>> # Make sure that the script will "exit 0" on success or any other
>> # value on error.
>> #
>> # In order to enable or disable this script just change the execution
>> # bits.
>> #
>> # By default this script does nothing.
>> # Print the IP address
>> _IP=$(hostname -I) || true
>> if [ "$_IP" ]; then
>>  printf "My IP address is %s\n" "$_IP"
>> fi
>> exit 0
>> root@raspberrypi:/etc#
>> root@raspberrypi:/etc#
>> root@raspberrypi:/etc# leafpad /etc/rc.local
>> root@raspberrypi:/etc#
>> root@raspberrypi:/etc# cat rc.local
>> #!/bin/sh -e
>> #
>> # rc.local
>> #
>> # This script is executed at the end of each multiuser runlevel.
>> # Make sure that the script will "exit 0" on success or any other
>> # value on error.
>> #
>> # In order to enable or disable this script just change the execution
>> # bits.
>> #
>> # Load iptables rules from this file
>> iptables-restore < /etc/iptables.conf
>> # Print the IP address
>> _IP=$(hostname -I) || true
>> if [ "$_IP" ]; then
>>  printf "My IP address is %s\n" "$_IP"
>> fi
>> exit 0
>> root@raspberrypi:/etc#
>> root@raspberrypi:/etc# reboot
>> 
>> 
>>  
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
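
An added example, not part of the original messages or the Debian wiki: a POSIX shell function that reads `iptables-save` output and flags what stops a desktop from working under default-DROP policies (no loopback, no replies to outbound connections, no outbound traffic), and lists any inbound ports a rule opens. The two sample rulesets and the finding names are constructed for illustration.

```shell
# Constructed sample: the all-DROP file saved in the quoted message.
sample_drop_all() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT
EOF
}

# Constructed sample (an assumption): drop inbound, allow loopback and replies.
sample_desktop() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin; print one finding per line, nothing if clean.
audit_rules() {
  awk '
    /^:INPUT /  { inpol = $2 }
    /^:OUTPUT / { outpol = $2 }
    /^-A INPUT .*-i lo .*-j ACCEPT/ { lo = 1 }
    /^-A INPUT .*ESTABLISHED.*-j ACCEPT/ { est = 1 }
    /^-A OUTPUT .*-j ACCEPT/ { out = 1 }
    # An INPUT rule with --dport admits inbound connections to a local service.
    /^-A INPUT .*--dport .*-j ACCEPT/ {
      proto = "any"; port = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
      }
      print "inbound:" proto "/" port
    }
    END {
      if (inpol != "DROP") print "input-policy-open"
      if (inpol == "DROP" && !est) print "no-replies"
      if (inpol == "DROP" && !lo) print "no-loopback"
      if (outpol == "DROP" && !out) print "no-outbound"
    }'
}
sample_drop_all | audit_rules   # demo run on the all-DROP sample
```

On the Pi, `iptables-save | audit_rules` checks the live ruleset before it is written to `/etc/iptables.conf`.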


