Firewall using IPTABLES & Fail2Ban

IPTABLES

The first thing to know is how to list the rules currently set up on our server.

Show current rules

sudo iptables -L -v

How to delete all rules

sudo iptables --flush
sudo iptables --delete-chain

If we haven't configured anything yet, the output looks like this:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 22659 packets, 3054K bytes)
 pkts bytes target     prot opt in     out     source               destination

For this example I will configure the most common rules: allow SSH (22), HTTP (80), HTTPS (443) and any connection that is already established, and drop everything else.

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

sudo iptables -A INPUT -j DROP

IPTABLES Persist

To save these rules in the server's configuration we will use the iptables-persistent package, whose service is now called netfilter-persistent.

First, let's install it:

sudo apt install -y iptables-persistent

Start the service

sudo service netfilter-persistent start

Save the rules

# print the current rules to the terminal so we can review them first
sudo iptables-save
# write them to the file netfilter-persistent loads at boot
sudo iptables-save > /etc/iptables/rules.v4
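The rule set above and the rules.v4 file it gets saved into are the same thing in two notations. The following is an added example, not code from the original post: it builds the post's rule set directly in the iptables-restore format that /etc/iptables/rules.v4 uses, and checks that the SSH ACCEPT line comes before the final DROP, since appending the DROP first is the classic way to lock yourself out of a remote server. The port list, output path and the rules file produced are assumptions of the example; nothing here calls iptables itself, so it can be run as an ordinary user.

```shell
# Added example, not from the original post. Generates an iptables-restore
# file equivalent to the rules in the post and sanity-checks the ordering.
# Assumed: the port list (defaults to 22 80 443) and the output path.

# Emit an iptables-restore file for the filter table. Arguments: TCP ports to
# allow. Chain policies stay ACCEPT, exactly as on the page; the last rule drops.
build_rules_v4() {
    ports="${*:-22 80 443}"
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    for p in $ports; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -j DROP'
    printf '%s\n' 'COMMIT'
}

# Return 0 if the ACCEPT for the admin port (ssh by default) appears before the
# final "-A INPUT -j DROP" in the file, 1 otherwise.
check_ssh_before_drop() {
    rules_file="$1"; port="${2:-22}"
    accept_line=$(grep -n -- "--dport $port -j ACCEPT" "$rules_file" | head -n1 | cut -d: -f1)
    drop_line=$(grep -n -- '-A INPUT -j DROP' "$rules_file" | head -n1 | cut -d: -f1)
    [ -n "$accept_line" ] && [ -n "$drop_line" ] && [ "$accept_line" -lt "$drop_line" ]
}

# Usage: write the file to a harmless place, check it, then (as root) load it with
#   iptables-restore --test < rules.v4   # parse only, nothing is committed
#   iptables-restore < rules.v4
RULES_OUT="${RULES_OUT:-/tmp/rules.v4.example}"   # assumed path for the example
build_rules_v4 > "$RULES_OUT"
check_ssh_before_drop "$RULES_OUT" && echo "ordering ok: $RULES_OUT"
```

The generated file is what `iptables-save` would print after running the commands in the post (minus packet counters), so it can be diffed against /etc/iptables/rules.v4 to confirm the saved state matches what you intended. Note that it only covers IPv4; netfilter-persistent loads /etc/iptables/rules.v6 separately, and if the server has an IPv6 address that table still has an ACCEPT policy.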

Restart the service

sudo service netfilter-persistent restart

Fail2Ban

sudo apt install -y fail2ban
# the configuration directory is lowercase: /etc/fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo service fail2ban reload
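Copying the whole of jail.conf into jail.local works, but jail.local is read after jail.conf, so it only needs to contain the settings we want to change; a full copy also shadows any defaults the package updates later. As an added example (not from the original post), the script below writes a small override that enables the sshd jail with a few ban parameters and reads the values back, so the file can be checked before fail2ban is reloaded. The path, the ban times and the ignored network are assumptions chosen for the example; fail2ban itself is not invoked.

```shell
# Added example, not from the original post. Writes a minimal jail.local
# override and looks values up in it. Assumed: output path, ban parameters,
# and the example admin network 203.0.113.0/24 (a documentation range).

# Write the override file. Argument 1: destination path.
# The real destination would be /etc/fail2ban/jail.local (written as root).
write_jail_local() {
    dest="${1:-/tmp/jail.local.example}"
    cat > "$dest" <<'EOF'
[DEFAULT]
# example values: ban for 1 hour after 5 failures within 10 minutes
bantime  = 1h
findtime = 10m
maxretry = 5
# never ban loopback or the admin network (constructed example address)
ignoreip = 127.0.0.1/8 ::1 203.0.113.0/24

[sshd]
enabled = true
port    = ssh
EOF
}

# Print the value of KEY inside [SECTION] of an INI-style file (literal lookup,
# no [DEFAULT] fallback). Usage: ini_get FILE SECTION KEY
ini_get() {
    awk -v s="[$2]" -v k="$3" '
        $0 == s { in_s = 1; next }
        /^\[/   { in_s = 0 }
        in_s && $1 == k { sub(/^[^=]*= */, ""); print; exit }
    ' "$1"
}

# Return 0 if jail NAME has "enabled = true" in FILE. Usage: jail_enabled FILE NAME
jail_enabled() {
    [ "$(ini_get "$1" "$2" enabled)" = "true" ]
}

# Usage: write the example file and confirm what it sets.
JAIL_OUT="${JAIL_OUT:-/tmp/jail.local.example}"   # assumed path for the example
write_jail_local "$JAIL_OUT"
jail_enabled "$JAIL_OUT" sshd && echo "sshd jail enabled, bantime=$(ini_get "$JAIL_OUT" DEFAULT bantime)"
```

After placing the file at /etc/fail2ban/jail.local, `sudo fail2ban-client reload` applies it and `sudo fail2ban-client status sshd` shows the jail's current failure and ban counts, which is the quickest way to confirm the jail is actually watching the SSH log.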

Victor Yoalli

This is me.