Showing posts from May, 2016

Quick firewall setting for Ubuntu/WordPress

To show the current firewall rules, use:

sudo iptables -L

If it's empty, the steps below quickly add firewall rules, assuming you want to run a simple WordPress site (only allow loopback, ssh, http and https, and drop the rest).

sudo iptables -I INPUT 1 -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -j DROP

Then save the rules to a file so they can be applied at reboot:

sudo sh -c "iptables-save > /etc/iptables.rules"

Create a script /etc/network/if-pre-up.d/iptablesload with the content below:

#!/bin/sh
# Load the saved rules before the interface comes up
iptables-restore < /etc/iptables.rules
exit 0

and a script /etc/network/if-post-down.d/iptablessave with the content below:

#!/bin/sh
# Save the current rules (with counters) when the interface goes down
iptables-save -c > /etc/iptables.rules
if [ -f /etc/iptables.downrules ]; then
    iptables-restore < /etc/iptables.downrules
fi
exit 0

Don&#…
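Because the rules above are appended with -A, anything added with -A after the final DROP never matches, and the saved file is what gets restored at boot. The following is an added example, not part of the original post: a shell function (the names audit_rules, sample_good and sample_bad are made up here) that checks iptables-save output against the policy above, including the counter prefixes that iptables-save -c writes.

```shell
# Added example (not from the original post): audit iptables-save output read
# from stdin against the post's policy. Returns 0 on match, 1 on any finding.
audit_rules() {
    awk '
    { sub(/^\[[0-9]+:[0-9]+\] /, "") }   # drop counters written by "iptables-save -c"
    $1 != "-A" || $2 != "INPUT" { next } # only INPUT rules matter here
    dropped { print "unreachable after DROP: " $0; bad = 1; next }
    $0 == "-A INPUT -j DROP" { dropped = 1; next }
    / -i lo / && / -j ACCEPT$/ { lo = 1 }
    /--ctstate/ && /ESTABLISHED/ && / -j ACCEPT$/ { est = 1 }
    / -j ACCEPT$/ { for (i = 1; i < NF; i++) if ($i == "--dport") port[$(i + 1)] = 1 }
    END {
        if (!lo)      { print "missing: loopback ACCEPT"; bad = 1 }
        if (!est)     { print "missing: ESTABLISHED ACCEPT"; bad = 1 }
        if (!dropped) { print "missing: final -A INPUT -j DROP"; bad = 1 }
        n = split("22 80 443", want, " ")
        for (i = 1; i <= n; i++)
            if (!(want[i] in port)) { print "missing: tcp dport " want[i]; bad = 1 }
        for (p in port)
            if (p != "22" && p != "80" && p != "443") { print "unexpected port: " p; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: the rules above as iptables-save prints them
# (--dport ssh is saved as 22), with counters as the post-down script writes them.
sample_good() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
[12:840] -A INPUT -i lo -j ACCEPT
[90:7200] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[5:300] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[7:420] -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
[40:2400] -A INPUT -j DROP
COMMIT
EOF
}

# Constructed sample: a rule later appended with -A lands after DROP and never matches.
sample_bad() {
    sample_good | awk '$1 == "COMMIT" { print "-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT" } { print }'
}
```

On a live host the same check runs as sudo iptables-save | audit_rules, or against the saved file with audit_rules < /etc/iptables.rules.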