You can view the current firewall rules with: sudo iptables -L -v
In this video, we'll add to the INPUT chain, which controls incoming (ingress) traffic. Rules are evaluated in order and the first match wins, so the catch-all DROP goes last:
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -j DROP
We appended rules so far, but you can also insert a rule at a specific position. Position 5 puts the HTTPS rule before the final DROP (anything appended after the DROP would never match):
sudo iptables -I INPUT 5 -p tcp --dport 443 -j ACCEPT
Finally, we need to persist these rules across reboots:
# Install it (the package pulls in netfilter-persistent and offers to save your current rules)
sudo apt-get install -y iptables-persistent
# Persist for the next reboot (may be unnecessary if you saved during install).
# The redirect has to run as root too; a plain "sudo iptables-save > file" fails because the shell, not sudo, opens the file.
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
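As an added example (not from the video), this renders the same INPUT policy as an iptables-save file, which is the format /etc/iptables/rules.v4 uses and what iptables-restore loads, and adds a lock-out check before applying a default-deny ruleset over SSH. The function names and the choice of a DROP chain policy instead of a trailing DROP rule are this example's own.

```shell
#!/bin/sh
# Render a complete rules.v4 for the tutorial's policy. Allowed TCP ports are
# given as arguments. A DROP chain policy replaces the trailing "-j DROP" rule,
# so a later "iptables -A INPUT ... -j ACCEPT" still works instead of landing
# after the DROP where it can never match.
render_rules_v4() {
  printf '%s\n' '*filter'
  printf '%s\n' ':INPUT DROP [0:0]'
  printf '%s\n' ':FORWARD DROP [0:0]'
  printf '%s\n' ':OUTPUT ACCEPT [0:0]'
  printf '%s\n' '-A INPUT -i lo -j ACCEPT'
  printf '%s\n' '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
  for port in "$@"; do
    printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
  done
  printf '%s\n' 'COMMIT'
}

# Lock-out guard (hypothetical helper): given a rules file and an SSH port
# (default 22), return 0 if the file is safe to load over SSH, 1 otherwise.
# A default-deny INPUT chain that does not accept the SSH port would cut off
# the session used to apply it.
check_ssh_allowed() {
  file="$1"
  port="${2:-22}"
  # Not default-deny: nothing to guard against.
  grep -q '^:INPUT DROP' "$file" || return 0
  grep -q "^-A INPUT -p tcp --dport ${port} -j ACCEPT" "$file"
}

# Typical use as root:
#   render_rules_v4 22 80 443 > /etc/iptables/rules.v4
#   check_ssh_allowed /etc/iptables/rules.v4 && iptables-restore < /etc/iptables/rules.v4
```

iptables-restore replaces the whole table atomically, so loading the file is equivalent to running the individual commands above in one step.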
Resources
- Consider using iptables-nft instead of the "legacy" iptables command.
- See how to convert rules to nft format here.