Posts Tagged iptables

Easy Linux Firewalling using IPTables

Posted by on Sunday, 21 March, 2010

A lot of our customers have asked for firewalls, and since this is a common theme, I decided that I would help them out. Of course it can be a mission to learn how to make your own and what to do or not do, and some of the pre-made ones can be confusing.

So I decided to simplify it a little for you all by writing a firewall script. I originally took a script made by somebody else, then totally modified it to suit myself, then modified it again to suit any machine. You *should* be able to literally drop this in place on any server and have it *just work*.

All you need to do is edit the top couple of lines to set which ports you want open or closed, then edit the other options (i.e. SSH port, etc.). Full instructions as follows:

wget http://b.ri.mu/files/firewall
nano firewall # ctrl+x to exit when finished editing
chmod +x firewall
./firewall

If you are still able to connect to your VPS in all the usual ways, then you can add it to your init scripts. To check which ports you have open and want the outside world to connect to, you can use:

netstat -pant |grep LISTEN

If you are unable to log in, then you may need to log into the console of your VPS at https://rimuhosting.com/cp/vps/console.jsp
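To lower the chance of that lockout, the netstat check above can be run as a pre-flight comparison before ./firewall is started. This is an added example, not part of the original post or of the firewall script; the function names and the allow list passed as an argument are assumptions, and the netstat sample is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check before running ./firewall.
# Lists TCP ports listening on non-loopback addresses that are missing
# from the ports you plan to open (allow list is an assumption, passed as $1).

# Constructed sample of `netstat -pant` output (not from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      901/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1012/apache2
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1100/java
tcp        0      0 192.0.2.10:22           203.0.113.7:51234       ESTABLISHED 1500/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      700/cupsd
EOF
}

# Read netstat output on stdin; print each externally reachable listening port once.
public_listen_ports() {
    awk '$6 == "LISTEN" {
        n = split($4, parts, ":")          # port is the field after the last colon
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback-only services
        print port
    }' | sort -un
}

# $1 = space-separated ports you intend to open; prints listening ports not in it.
ports_not_allowed() {
    allowed=" $1 "
    public_listen_ports | while read -r port; do
        case "$allowed" in
            *" $port "*) ;;                # already covered by the allow list
            *) echo "$port" ;;
        esac
    done
}

# Demo on the sample; on a live host: netstat -pant | ports_not_allowed "22 80 443"
echo "Listening but not in allow list: $(sample_netstat | ports_not_allowed '22 80' | tr '\n' ' ')"
```

Each port it prints is a service the firewall would cut off from the outside; decide for each one whether that is intended, and make sure the SSH port you actually use never appears in the output.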

Adding it into the init scripts

cp firewall /etc/init.d/firewall

Debian based (Debian, Ubuntu, etc.)

update-rc.d firewall defaults

CentOS/RPM based

chkconfig --add firewall

Preventing DoS attacks before they become a problem

Posted by on Friday, 25 September, 2009

I came across this little gem not too long back which is handy.

It basically blocks IPs depending on the number of connections they have. The defaults are fairly reasonable at 150 connections, and it's remarkably easy to install.

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh

Presto, now it's installed! If you want to customize it, then check in /usr/local/ddos/ddos.conf and edit it a bit.

Uninstall is just as easy:

wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos