💾 Archived View for gluonspace.com › gemlog › simple_firewall_with_iptables.gmi captured on 2022-03-01 at 15:06:03. Gemini links have been rewritten to link to archived content
The Netfilter framework, along with its userland companion iptables, has been present in the kernel since the 2.3 development series, replacing the old ipchains code (something the true Linux geek should remember). Though it can get quite complex to manage depending on the set of rules you need to apply, its basic interface is neatly handled by iptables, so the most basic traffic filtering is easily accomplished.
There's really no better place to learn how to use iptables to manage Netfilter than the Netfilter website, which features comprehensive howtos not only about the framework itself but also about general networking concepts. Having said that, the ultimate all-around geek may lack the time to read them since he's got millions of other interests.
Here's quite a simple set of iptables commands which should set up a trivial firewall, quite useful for computers directly connected to the Internet through a cable modem, for instance:
```
iptables --policy INPUT DROP
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
```
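The same five commands packaged as a small re-runnable script, added here as an example and not part of the original gemlog. It flushes INPUT first so it can be run twice without stacking duplicate rules, adds the ACCEPT rules before the INPUT policy flips to DROP so an SSH session used to run it is not cut off, and only touches the kernel when invoked with --apply (the IPT and WAN_IF variables and the --apply/--check flags are names assumed for this example).

```shell
#!/bin/sh
# Added example (not from the original gemlog). IPT and WAN_IF are assumed
# names; with IPT=echo the script prints the commands instead of running them.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"

apply_firewall() {
    # Start from a clean INPUT chain so re-running does not duplicate rules.
    "$IPT" -F INPUT

    # ACCEPT rules go in before the policy becomes DROP: the ESTABLISHED,RELATED
    # rule keeps an existing SSH session alive while the policy changes.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Default policies: drop unsolicited inbound, allow outbound and forwarding.
    "$IPT" --policy INPUT DROP
    "$IPT" --policy OUTPUT ACCEPT
    "$IPT" --policy FORWARD ACCEPT
}

# Returns 0 when the ESTABLISHED,RELATED accept precedes the INPUT DROP policy
# in the command sequence (checked on a dry run, so no root needed).
check_order() {
    cmds=$(IPT=echo; apply_firewall)
    est=$(printf '%s\n' "$cmds" | grep -n 'ESTABLISHED,RELATED' | cut -d: -f1)
    drop=$(printf '%s\n' "$cmds" | grep -n 'policy INPUT DROP' | cut -d: -f1)
    [ -n "$est" ] && [ -n "$drop" ] && [ "$est" -lt "$drop" ]
}

case "${1:-}" in
    --apply) apply_firewall && "$IPT" -S INPUT ;;   # apply, then show the chain
    --check) check_order && echo "rule order is lockout-safe" ;;
    *)       IPT=echo; apply_firewall ;;            # dry run: print only
esac
```

Run it without arguments to review the exact commands it would issue, and with --apply as root to install the rules; `iptables -S INPUT` afterwards shows the resulting chain for review.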