Make sure Debian has been updated and upgraded:
#apt-get update && apt-get dist-upgrade
Then enter the following rules in a terminal:
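# IPv4 firewall rules for the filter table, one command per line.
# (The pasted original mixed root-prompt "#" prefixes with a "//" comment,
# which is not shell syntax; this listing is runnable as-is with root rights.)
#
# Scope: these commands only change the IPv4 tables. ip6tables is never
# touched here, so IPv6 traffic keeps whatever policy it already has (ACCEPT
# by default) until matching ip6tables rules are added.
#
# Order matters: rules are evaluated top to bottom, and the INPUT policy is
# switched to DROP only at the very end, after the ACCEPT rules exist.
# Running this block twice appends every rule a second time (the listing
# below shows such a duplicated DROP rule); flush first if you need to redo it.

# Traffic belonging to connections this host already has, e.g. the SSH
# session you are typing in, must stay allowed once the policy becomes DROP.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Answer ping.
iptables -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT

# Drop malformed TCP: no flags set, new connections not starting with SYN,
# and all flags set.
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# Allow traffic on the loopback interface.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Services reachable from outside: HTTP, HTTPS, FTP, SMTP, SMTPS, POP3, POP3S,
# IMAP, IMAPS, SSH. Remove any port this host does not actually serve.
for port in 80 443 21 25 465 110 995 143 993 22; do
  iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
done

# Default policies, set last: anything not accepted above is dropped on INPUT.
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP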
Check the list of iptables rules:
#iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 state NEW
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 state NEW
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:465
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
iptables-persistent for Debian/Ubuntu
Since Ubuntu 10.04 LTS (Lucid) and Debian 6.0 (Squeeze) there is a package named “iptables-persistent” which takes care of automatically loading the saved iptables rules. For this, the rules must be saved in the file /etc/iptables/rules.v4 for IPv4 and /etc/iptables/rules.v6 for IPv6. To use iptables-persistent, the package simply has to be installed.
#apt-get install iptables-persistent
The installer will ask whether to save the current iptables rules to /etc/iptables/rules.v4 (IPv4) and /etc/iptables/rules.v6 (IPv6); choose Yes.
Save your rules by running:
#service iptables-persistent save
#service iptables-persistent restart
And to flush your iptables rules, effectively disabling your firewall, run:
#service iptables-persistent stop
#service iptables-persistent start
#service iptables-persistent restart
Done!
A faster way: just paste this into the console
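# The same rule set as a single paste-able block. The subshell with `set -e`
# stops at the first failing command (as the original && chain did), so the
# DROP policy is never applied on top of an incomplete rule set, and it does
# not change the options of your interactive shell.
#
# IPv4 only: ip6tables is not touched, so IPv6 keeps its current policy.
(
  set -e
  # Fail-safe before flushing. `iptables -F` removes the rules but keeps the
  # current chain policy, so re-running this on a host whose INPUT policy is
  # already DROP would discard every ACCEPT rule while still dropping all
  # inbound traffic, including the SSH session. Resetting the policy to
  # ACCEPT first keeps the host reachable until the new rules are in place.
  /sbin/iptables -P INPUT ACCEPT
  /sbin/iptables -F

  # Keep existing connections (e.g. this SSH session) and ping working.
  /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  /sbin/iptables -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT

  # Drop malformed TCP: no flags, non-SYN new connections, all flags.
  /sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
  /sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
  /sbin/iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

  # Loopback.
  /sbin/iptables -A INPUT -i lo -j ACCEPT
  /sbin/iptables -A OUTPUT -o lo -j ACCEPT

  # Published services (HTTP, HTTPS, FTP, SMTP, SMTPS, POP3, POP3S, IMAP,
  # IMAPS, SSH). Remove any port this host does not actually serve.
  for port in 80 443 21 25 465 110 995 143 993 22; do
    /sbin/iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
  done

  # Policies last, after the ACCEPT rules exist.
  /sbin/iptables -P OUTPUT ACCEPT
  /sbin/iptables -P INPUT DROP
)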
Next!!
#apt-get install iptables-persistent
iptables-save
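# Save the running rules where iptables-persistent expects them (see above:
# rules.v4 holds the IPv4 rules, rules.v6 the IPv6 rules).
# Each file must come from the matching save tool: iptables-save dumps only
# the IPv4 tables, so writing its output into rules.v6 (as the original did)
# stores IPv4 rules in the file the IPv6 loader reads. ip6tables-save is the
# IPv6 counterpart.
/sbin/iptables-save > /etc/iptables/rules.v4
/sbin/ip6tables-save > /etc/iptables/rules.v6
# Note: nothing on this page configures ip6tables, so rules.v6 will only
# record the default ACCEPT policies; IPv6 traffic stays unfiltered until
# ip6tables rules are added and saved here.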
iptables-restore
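# Load the saved rules back, each file with its matching restore tool.
# iptables-restore only programs the IPv4 tables; rules.v6 is an IPv6 rule
# file and has to be loaded with ip6tables-restore (the original fed it to
# iptables-restore, which would apply it to IPv4 or reject it).
# Both tools replace the current rule set with the file's contents, policies
# included — run them from a console or while the saved file still allows
# your own connection.
/sbin/iptables-restore < /etc/iptables/rules.v4
/sbin/ip6tables-restore < /etc/iptables/rules.v6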