
jiatang 08-10-2016 07:33 AM

Configure the Firewalls with NanoPi M3
1. First, make sure your NanoPi M3 can access the Internet.

2. Install iptables on the NanoPi M3:
# apt-get install iptables

3. Check the current iptables configuration of the NanoPi M3:
# iptables -L

4. Configure /etc/iptables.test.rules:
# vi /etc/iptables.test.rules


*filter

# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allows SSH connections
# The --dport number is the same as in /etc/ssh/sshd_config
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Now you should read up on iptables rules and consider whether ssh access
# for everyone is really desired. Most likely you will only allow access from certain IPs.
# Allow ping
# note that blocking other types of icmp packets is considered a bad idea by some
# remove -m icmp --icmp-type 8 from this line to allow all kinds of icmp:
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls (access via 'dmesg' command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy:
-A INPUT -j REJECT

COMMIT

5. After configuring the file, type the following commands to use these rules:
(iptables provides a function that saves the currently running rules)
# iptables-save > /etc/iptables.up.rules
# iptables-restore < /etc/iptables.test.rules
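
A pre-flight check for the /etc/iptables.test.rules file from step 4, as an added example that is not part of the original post; the function names `check_rules` and `apply_rules` and the `SSH_PORT` variable are assumptions made here. It flags the gaps that break or weaken such a file (missing `*filter` or `COMMIT`, an address option without its argument, no established-connection rule, no final reject, SSH open to every source) before anything is loaded.

```shell
#!/bin/sh
# Added example: lint an iptables-restore rules file before loading it.
# check_rules FILE prints one WARN line per finding and returns the finding count.
SSH_PORT=${SSH_PORT:-22}   # assumption: must match the Port in /etc/ssh/sshd_config

check_rules() {
    f=$1
    n=0
    warn() { echo "WARN: $*"; n=$((n + 1)); }

    # iptables-restore needs a table header and a COMMIT, or nothing is applied.
    grep -q '^\*filter' "$f" || warn "no *filter table header"
    grep -q '^COMMIT' "$f" || warn "no COMMIT line"

    # A rule where -d / -s is followed directly by another option has lost its address.
    if grep -qE -e '^-A .* -[ds] +-' "$f"; then
        warn "-d or -s without an address"
    fi

    # Without this rule, replies to the board's own outbound traffic are rejected.
    grep -qE -e '^-A INPUT .*ESTABLISHED' "$f" || warn "no ESTABLISHED rule on INPUT"

    # Default deny: a catch-all REJECT/DROP rule or a DROP chain policy.
    grep -qE -e '^-A INPUT -j (REJECT|DROP)' -e '^:INPUT DROP' "$f" ||
        warn "INPUT has no final REJECT/DROP"

    # An SSH rule with no -s source restriction is reachable from everywhere.
    if grep -E -e "^-A INPUT .*--dport $SSH_PORT( |\$)" "$f" | grep -qv -e ' -s '; then
        warn "SSH port $SSH_PORT open to any source"
    fi
    return "$n"
}

# Lint, let iptables-restore parse the file without committing it (--test), then load it.
# Needs root and a working iptables install.
apply_rules() {
    check_rules "$1" && iptables-restore --test < "$1" && iptables-restore < "$1"
}
```

Run `check_rules /etc/iptables.test.rules` before step 5. On a board that is only reachable over SSH, a rules file that fails the established-connection or syntax checks can cut the session that loaded it.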

lazydog 08-10-2016 02:33 PM

Is there a question in there somewhere?

Jjanel 08-16-2016 11:45 PM

Looks like jiatang was posting a 'success/solution/fyi/howto/...'.

jiatang: (&all;-) Looks like you need to be more careful (clearer) about clarifying
which is a question (needing help/reply) vs. which is a 'solved'/...

Best wishes!
