Debian Iptables Firewall

Published: Wednesday, Dec 26, 2007 Last modified: Monday, Apr 8, 2024

The iptables init.d script no longer exists, so here is how I configured my firewall in /etc/network/interfaces:

iface lo inet loopback
auto eth0
iface eth0 inet dhcp
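    # Enable routing and masquerade traffic leaving this interface
    pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
    pre-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
    # "block" chain: accept replies, accept new connections that do not arrive on eth0, drop the rest
    pre-up iptables -N block
    pre-up iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    pre-up iptables -A block -m state --state NEW ! -i eth0 -j ACCEPT
    pre-up iptables -A block -j DROP
    # Send inbound and forwarded traffic through the chain
    pre-up iptables -A INPUT -j block
    pre-up iptables -A FORWARD -j block
    # Open SSH and HTTP on eth0 (-I inserts these ahead of the DROP rule)
    pre-up iptables -I block -i eth0 -p tcp --dport 22 -j ACCEPT
    pre-up iptables -I block -i eth0 -p tcp --dport 80 -j ACCEPT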
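
Added example (not from the original post): the same ruleset rendered in iptables-restore format, which loads atomically and replaces the nat and filter tables instead of appending rules on every ifup. The function name render_rules is an assumption made for illustration.

```shell
#!/bin/sh
# render_rules WAN_IFACE [PORT...]   (hypothetical helper, not from the post)
# Prints the post's nat/filter rules as iptables-restore input on stdout.
render_rules() {
    [ $# -ge 1 ] || { echo "usage: render_rules IFACE [PORT...]" >&2; return 1; }
    wan=$1
    shift
    # Validate everything before emitting, so a bad argument never
    # leaves a half-written rules file behind.
    case $wan in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan" >&2; return 1 ;;
    esac
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $port" >&2; return 1; }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:block - [0:0]
EOF
    # Per-port accepts come first, matching the effect of -I in the post.
    for port in "$@"; do
        printf '%s\n' "-A block -i $wan -p tcp --dport $port -j ACCEPT"
    done
    cat <<EOF
-A block -m state --state ESTABLISHED,RELATED -j ACCEPT
-A block ! -i $wan -m state --state NEW -j ACCEPT
-A block -j DROP
-A INPUT -j block
-A FORWARD -j block
COMMIT
EOF
}
```

Write the output of `render_rules eth0 22 80` to a rules file (for example /etc/iptables.rules, a path chosen here for illustration), check it with `iptables-restore --test`, and load it from a single `pre-up iptables-restore < /etc/iptables.rules` line. The ip_forward line stays in /etc/network/interfaces as it is.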