Enable Firewall:
# Edit the Debian network configuration (root-owned); the firewall rule set is
# hooked into the interface definitions in this file.
vi /etc/network/interfaces
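# eth1 is brought up at boot as well, but no "iface eth1" stanza is shown here --
# confirm one exists, otherwise ifup will have nothing to configure for it.
auto lo eth1
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
    # Load the firewall BEFORE the interface comes up. With post-up the host
    # answers on eth0 (DHCP already done) for a moment with no rules loaded;
    # pre-up closes that window. iptables-restore does not need the link to be up.
    pre-up iptables-restore < /etc/iptables.up.rules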
Contents of /etc/iptables.up.rules (the file loaded by iptables-restore above):
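# /etc/iptables.up.rules -- consumed by iptables-restore, which needs the table
# header ("*filter") and the closing COMMIT; without "*filter" the restore fails
# and the host runs without any of these rules.
# IPv4 only: if eth0 also gets an IPv6 address (SLAAC/DHCPv6), the host is
# unfiltered over v6 until an equivalent ip6tables rule set is installed.
*filter
# Default policies stay ACCEPT so that "iptables -F" leaves a reachable host;
# the explicit DROP at the end of INPUT does the actual filtering.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback: match on the interface rather than on a 127.0.0.1 source address.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, plus RELATED traffic (FTP data,
# ICMP errors). Without this rule the final DROP discards the return packets
# of every outbound connection.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Support hosts: unrestricted access from these source addresses. A source
# address is not authentication -- every listening service is exposed to
# whoever controls (or compromises) these hosts. Restrict to the needed
# ports (e.g. -p tcp --dport 22) where possible.
-A INPUT -s 213.252.142.196 -j ACCEPT
-A INPUT -s 62.225.124.190 -j ACCEPT
-A INPUT -s 62.225.124.186 -j ACCEPT
# Internal FTP: control (21) and active-mode data (20) from one internal host.
-A INPUT -p tcp -s 10.1.2.1 -m multiport --dports 20,21 -j ACCEPT
# Port 3305 for all
-A INPUT -p tcp --dport 3305 -j ACCEPT
# Drop all. Log (rate limited) before dropping so blocked traffic is visible
# in the kernel log instead of disappearing silently.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables drop: " --log-level 4
-A INPUT -j DROP
COMMIT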
Show status (current rules, counters and chain policies):
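# -n: do not reverse-resolve addresses/ports (a plain -L does DNS lookups for
#     every rule, which is slow and can hang when the firewall itself blocks DNS).
# -v: show packet/byte counters and the interface (-i lo) matches.
# --line-numbers: needed to reference a rule for "iptables -D INPUT <n>".
iptables -L -n -v --line-numbers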
Activate iptables rules:
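# Load the rule set. The last rule is an unconditional DROP, so a typo can lock
# out a remote session: keep a copy of the running rules to roll back to, or use
# iptables-apply(8), which reverts automatically unless the new rules are
# confirmed within its timeout.
iptables-save > /root/iptables.rules.bak
iptables-restore < /etc/iptables.up.rules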
Deactivate the iptables firewall (flush all rules):
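# Flushing removes the rules but NOT the chain policies. Set the policies to
# ACCEPT explicitly first: if a DROP policy was ever set, "iptables -F" alone
# would lock out every connection instead of opening the host.
# Note that after this the host accepts everything -- only do it on a trusted
# network or as a short debugging step, then reload the rules.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# -F flushes the filter table's built-in chains; -X removes any user-defined
# chains. nat/mangle tables (if used) need "-t nat -F" / "-t mangle -F" as well.
iptables -F
iptables -X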
Problem: an outgoing connection to a specific remote port (here 3305) does not work even though outgoing traffic is allowed (`iptables -A OUTPUT -j ACCEPT`). The request leaves the host, but the reply packets arrive on INPUT and are discarded by the final `-A INPUT -j DROP`, because nothing accepts return traffic.
Solution:
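# Accept replies to connections this host opened. The narrow form for this one
# case is "-A INPUT -i eth1 -p tcp --sport 3305 -m state --state ESTABLISHED -j ACCEPT",
# but it has to be repeated for every service and interface. The stateful rule
# below covers all outbound connections plus RELATED traffic (FTP data, ICMP
# errors); place it near the top of INPUT, before the final DROP.
# (-m state --state is the older spelling of -m conntrack --ctstate.)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT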
Example: allow NTP (UDP port 123) for this host as an NTP client
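# NTP client: let queries out and only the matching replies back in.
# Accepting any UDP/123 packet from anywhere ("-A INPUT -p udp --dport 123 -j ACCEPT")
# exposes the local ntpd to the whole internet; only do that if this host serves
# time to other machines, and then restrict it with -s to those client networks.
-A OUTPUT -p udp --dport 123 -j ACCEPT
-A INPUT -p udp --sport 123 -m conntrack --ctstate ESTABLISHED -j ACCEPT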