Configure Your Server's Firewall with IPTables
IPTables is a powerful tool, essential for managing network traffic and keeping your system secure, though it can be hard to understand when you first work with it on the command line. Using the steps provided, you can block traffic to a server and its services while allowing it from certain IP addresses.
Step 1: Setting Up Logging Rules
Before we dive into allowing traffic, it's crucial to set up logging for dropped packets. This way, you can monitor any unwanted access attempts. Start by creating a new chain named 'LOGGING' and sending traffic from the INPUT chain to it:
iptables -N LOGGING
iptables -A INPUT -j LOGGING
Now, let's make sure we're not overwhelmed by logs. We'll limit the logging to two entries per minute and add a prefix for easy identification:
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
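Finally, ensure that after logging, the packets are dropped. Once this rule is in place, any traffic that no earlier rule in INPUT accepts is dropped, including your own remote session if nothing allows it: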
iptables -A LOGGING -j DROP
Step 2: Whitelisting Office IP Addresses
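Assuming your office needs access to the server, you'll have to whitelist your office IP address or hostname. Use the following command, replacing {office ip or hostname} with the actual address. The -I option inserts the rule at the top of the INPUT chain, ahead of the jump to LOGGING, so it is evaluated first: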
iptables -I INPUT -s {office ip or hostname} -j ACCEPT
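For example, if your office uses specific hostnames, your commands would look like this. Note that iptables resolves the hostname once, when the rule is added, so the rule keeps that address even if the DNS record changes later:
iptables -I INPUT -s host.example.com -j ACCEPT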
Step 3: Removing Conflicting Firewall Rules
Sometimes, existing rules can interfere with the new settings. You might need to remove some default rules to ensure your new configuration works correctly. To review the currently active rules, use the following command:
iptables --list --numeric
The --numeric parameter ensures that addresses are printed as numeric IP addresses rather than DNS names when the rules are listed. You may choose to omit this parameter if you prefer.
Step 4: Saving Your Configuration
After configuring IPTables, save your current state to a file. This file can be used later to restore your settings or to apply them at startup:
iptables-save > ~/iptables.conf
To make these changes persistent across reboots, save the configuration to the system's iptables file, for example to this location when using a RHEL system:
iptables-save > /etc/sysconfig/iptables
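One way to check the saved rules before relying on them, as an added example that is not part of the original guide: the script reads iptables-save output and confirms that the whitelist ACCEPT sits ahead of the LOGGING jump, that the LOG rule is rate limited, and that the LOGGING chain ends in DROP. The function names and both sample dumps (using the documentation address 203.0.113.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the rule order this guide relies on.
# check_ruleset reads a dump on stdin, prints "OK" or one finding per line,
# and returns non-zero when it finds a problem.
check_ruleset() {
    awk '
    /^-A INPUT / {
        n++
        if (/ -j LOGGING$/) { if (!jump) jump = n }
        else if (/ -s / && / -j ACCEPT$/) { if (jump) shadowed++; else allowed++ }
    }
    /^-A LOGGING / {
        last = $0
        if (/ -j LOG( |$)/) { if (/ -m limit /) limited = 1; else unlimited = 1 }
    }
    END {
        if (!jump)     { print "INPUT never jumps to LOGGING"; bad = 1 }
        if (!allowed)  { print "no source ACCEPT ahead of the LOGGING jump"; bad = 1 }
        if (shadowed)  { print shadowed " ACCEPT rule(s) sit after the LOGGING jump and never match"; bad = 1 }
        if (unlimited || !limited) { print "LOG rule is missing or not rate limited"; bad = 1 }
        if (last !~ / -j DROP$/)   { print "LOGGING chain does not end in DROP"; bad = 1 }
        if (!bad) print "OK"
        exit bad + 0
    }'
}

# Constructed sample: the whitelist rule was inserted with -I, as in Step 2.
ordered_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:LOGGING - [0:0]
-A INPUT -s 203.0.113.10/32 -j ACCEPT
-A INPUT -j LOGGING
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: "
-A LOGGING -j DROP
COMMIT
EOF
}

# Constructed sample: the same rules, but the whitelist was appended with -A after Step 1.
appended_dump() {
    ordered_dump | awk '/-j ACCEPT$/ { held = $0; next } { print } /-j LOGGING$/ { print held }'
}

ordered_dump  | check_ruleset
appended_dump | check_ruleset || true
```

On a live server the same function can be fed with iptables-save -t filter | check_ruleset.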
And there you have it! With these steps, you've successfully configured your server's firewall to log unwanted traffic, allow necessary connections, and maintain a secure network environment. Remember to replace placeholders with your actual data, and always back up your configurations before making changes.