May 18, 2020

Secure Firewall Setup

We set up a firewall with iptables on Ubuntu 20.04 Focal.

Previous: Secure SSH Setup

You can view current firewall rules via sudo iptables -L -v.

In this video, we'll add rules to the INPUT chain, which controls incoming (ingress) traffic. Rules are evaluated top to bottom and the first match wins, so the loopback, established-connection and SSH rules must come before the final catch-all DROP:

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -j DROP

We appended rules so far, but you can also insert a rule at a specific position. The DROP rule above is currently rule 5 in INPUT, so inserting at position 5 places the new rule in front of it and pushes DROP down to 6 (sudo iptables -L INPUT --line-numbers shows the current positions):

sudo iptables -I INPUT 5 -p tcp --dport 443 -j ACCEPT

Finally, we need to persist these rules through reboots:

# Install it (iptables-persistent pulls in netfilter-persistent and
# offers to save your current rules during installation)
sudo apt-get install -y iptables-persistent

# Persist for next reboot (may be unnecessary if you saved during install).
# The redirection runs in your own shell, not under sudo, so a plain
# "sudo iptables-save > /etc/iptables/rules.v4" fails with permission denied;
# run the whole command as root instead:
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
# or, equivalently, let the persistence plugin write the file:
sudo netfilter-persistent save
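The rules above end up in /etc/iptables/rules.v4 in iptables-save format, and netfilter-persistent restores that file at boot. The following added example (not from the video or the page) generates that file for the ruleset shown, including the port 443 rule, and checks the one property that matters most before a reload: the catch-all DROP is the last INPUT rule and the SSH accept precedes it, so loading the file cannot lock out remote administration. The SSH_PORT variable and the /tmp path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: build and sanity-check an /etc/iptables/rules.v4 file.
# SSH_PORT is an assumption; change it if sshd listens on another port.
SSH_PORT=22

# Print the INPUT chain ruleset in iptables-save format. The order mirrors
# the page: loopback, conntrack, allowed ports, then the final DROP.
build_rules_v4() {
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Return 0 when the ruleset is safe to load: the last INPUT rule is the
# catch-all DROP and the SSH accept rule appears before it. Return 1 otherwise.
check_rules_v4() {
  rules="$1"
  last_input=$(printf '%s\n' "$rules" | grep '^-A INPUT' | tail -n 1)
  [ "$last_input" = "-A INPUT -j DROP" ] || return 1
  drop_line=$(printf '%s\n' "$rules" | grep -n '^-A INPUT -j DROP$' | tail -n 1 | cut -d: -f1)
  ssh_line=$(printf '%s\n' "$rules" | grep -n -- "--dport ${SSH_PORT} -j ACCEPT" | head -n 1 | cut -d: -f1)
  [ -n "$ssh_line" ] && [ "$ssh_line" -lt "$drop_line" ]
}

# Usage (needs root; shown for reference, not executed here):
#   build_rules_v4 > /tmp/rules.v4
#   check_rules_v4 "$(cat /tmp/rules.v4)" \
#     && sudo iptables-restore --test /tmp/rules.v4 \
#     && sudo install -m 0644 /tmp/rules.v4 /etc/iptables/rules.v4
```

The check is deliberately textual so it can run before anything touches the kernel; iptables-restore --test then parses the file without committing it, and only after both pass is the file installed where netfilter-persistent will pick it up.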

Resources

  • Consider using iptables-nft instead of the "legacy" iptables command
  • See how to convert rules to nft format here.
