LinuxQuestions.org


jiatang 08-10-2016 07:33 AM

Configure the Firewalls with NanoPi M3
 
1. First, make sure your NanoPi M3 can access the Internet.

2. Then install iptables on the NanoPi M3:
#apt-get install iptables

3. Check the current iptables configuration of the NanoPi M3:
#iptables -L

4. Configure /etc/iptables.test.rules:
#vi /etc/iptables.test.rules

*filter

# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allows SSH connections
# The --dport number is the same as in /etc/ssh/sshd_config
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Now you should read up on iptables rules and consider whether ssh access
# for everyone is really desired. Most likely you will only allow access from certain IPs.
# Allow ping
# note that blocking other types of icmp packets is considered a bad idea by some
# remove -m icmp --icmp-type 8 from this line to allow all kinds of icmp:
# https://security.stackexchange.com/questions/22711
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls (access via 'dmesg' command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy:
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT

5. After configuring the file, you can type the following commands to use these rules:
(iptables provides a function that saves the currently running rules)
#iptables-save > /etc/iptables.up.rules
#iptables-restore < /etc/iptables.test.rules
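
An added example, not part of jiatang's post: a Python check to run over a rules file such as /etc/iptables.test.rules before loading it. It flags paste damage (stray markup, a rule swallowed by a comment, COMMIT sharing a line with a rule) and INPUT ports accepted from any source, the point the SSH comment in the ruleset raises. The function name, finding codes and sample text are this example's own, and the sample is constructed.

```python
import shlex

# Constructed sample (not the thread's file) showing the problems checked for.
SAMPLE = """\
<br>*filter
-A INPUT -i lo -j ACCEPT
# You could modify this to only allow certain traffic -A OUTPUT -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p tcp -s 192.0.2.0/24 --dport 443 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT COMMIT
"""

def audit(text):
    # Returns a list of (line_no, code, detail) findings for an iptables-restore file.
    findings, in_table = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(":"):
            continue                      # blank line or chain policy line
        if line.startswith("#"):
            if " -A " in line:            # a rule inside a comment is never loaded
                findings.append((no, "RULE_IN_COMMENT", line))
        elif line.startswith("*"):
            in_table = True
        elif line == "COMMIT":
            in_table = False
        elif line.startswith("-"):
            try:
                tok = shlex.split(line)
            except ValueError:            # unbalanced quotes
                findings.append((no, "BAD_LINE", line))
                continue
            if "COMMIT" in tok:           # COMMIT must be on a line by itself
                findings.append((no, "COMMIT_NOT_ALONE", line))
            target = tok[tok.index("-j") + 1] if "-j" in tok[:-1] else None
            sourced = any(t in tok for t in ("-s", "--source", "--src"))
            inbound_accept = tok[:2] == ["-A", "INPUT"] and target == "ACCEPT"
            if inbound_accept and "--dport" in tok[:-1] and not sourced:
                port = tok[tok.index("--dport") + 1]
                findings.append((no, "OPEN_TO_ANY_SOURCE", port))
        else:                             # e.g. leftover markup such as "<br>*filter"
            findings.append((no, "BAD_LINE", line))
    if in_table:                          # table opened but never committed
        findings.append((0, "MISSING_COMMIT", ""))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

OPEN_TO_ANY_SOURCE is informational: ports 80 and 443 on a public web server are expected to appear, while port 22 is the one the ruleset's own comment suggests restricting.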

lazydog 08-10-2016 02:33 PM

Is there a question in there somewhere?

Jjanel 08-16-2016 11:45 PM

Looks like jiatang was posting a 'success/solution/fyi/howto/...'.

jiatang: (&all;-) Looks like you need to be more careful (clearer) about clarifying
which is a question (needing help/reply) vs. which is a 'solved'/...

Best wishes!


All times are GMT -5.