Configure and test an iptables script similar to the example below.
The following commands will flush existing rules and set the default rule to drop traffic:
Configure rules to allow services:
Save the rules with the following command:
You may have to insert rules into a chain rather than append them. iptables evaluates a chain from top to bottom and stops at the first matching rule, so if the last rule drops all traffic, none of the rules after it will get evaluated. So, we start by showing the rules with line numbers.
Now we can see that everything is being dropped by the rule on line 5. To allow TCP/80 and TCP/5666, we will have to insert rules before line 5.
Now we can see that the new rules appear in the chain before the drop rule.
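The insert step described above, as an added example that is not part of the original page: it reads a chain listing, finds the rule that drops everything, and prints (does not run) the insert commands for TCP/80 and TCP/5666. The sample listing is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT -n --line-numbers` output.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
5    DROP       all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Print the number of the first rule that drops all traffic, if there is one.
# A listing without -v hides interface matches, so confirm the rule with -v.
first_drop_line() {
    awk '$2 == "DROP" && $3 == "all" && $5 == "0.0.0.0/0" &&
         $6 == "0.0.0.0/0" && NF == 6 { print $1; exit }'
}

# Read a listing on stdin; print one command per TCP port given as argument.
insert_cmds() {
    pos=$(first_drop_line)
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "skip invalid port: $port" >&2; continue ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "skip out-of-range port: $port" >&2
            continue
        fi
        if [ -n "$pos" ]; then
            # Each insert pushes the drop rule down one line, so the next
            # insert uses the following position and argument order is kept.
            echo "iptables -I INPUT $pos -p tcp --dport $port -j ACCEPT"
            pos=$((pos + 1))
        else
            # No catch-all drop rule found: appending is safe.
            echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
        fi
    done
}

sample_listing | insert_cmds 80 5666
```

On a live host, pipe the real listing into `insert_cmds` instead of `sample_listing` and review the printed commands before running them.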
The following lines will drop all access from BOGON addresses:
Iptables can be configured to drop or accept traffic from certain countries. The following lines will drop all traffic from countries that have a bad habit of showing up in my logs: