Posts

Showing posts from May, 2016

Quick firewall setting for Ubuntu/WordPress

To show the current firewall rules, use:

    iptables -L

If it's empty, below are the steps to quickly add firewall rules, assuming you want to run a simple WordPress site (only allow loopback, ssh, http, https and drop the rest).

    sudo iptables -I INPUT 1 -i lo -j ACCEPT
    sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    sudo iptables -A INPUT -j DROP

Then save the rules to a file so they can be applied at reboot:

    sudo sh -c "iptables-save > /etc/iptables.rules"

Create a script /etc/network/if-pre-up.d/iptablesload with the content below:

    #!/bin/sh
    iptables-restore < /etc/iptables.rules
    exit 0

and a script /etc/network/if-post-down.d/iptablessave with the content below:

    #!/bin/sh
    iptables-save -c > /etc/iptables.rules
    if [ -f /etc/iptables.downrules ]; then
           iptables-restore <...
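The saved /etc/iptables.rules file is what gets restored at boot, so it is worth checking against the intended policy, including after iptables-save -c has rewritten it with packet counters. The script below is an added example, not part of the original post; the names audit_rules, sample_rules and ALLOWED_PORTS and the sample dump are constructed for illustration, and ssh is assumed to be port 22.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump against the post's policy
# (loopback, established traffic, TCP 22/80/443, then a catch-all DROP).
ALLOWED_PORTS="22 80 443"   # ssh, http, https

# Reads iptables-save text on stdin and prints one finding per line.
# Returns 0 when the INPUT chain matches the policy, 1 otherwise.
audit_rules() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }      # drop counters written by iptables-save -c
        $1 != "-A" || $2 != "INPUT" { next }     # only rules appended to INPUT
        { last = $0 }
        dropped { print "rule after catch-all DROP never matches: " $0; bad = 1; next }
        $0 == "-A INPUT -j DROP" { dropped = 1; next }
        $0 == "-A INPUT -i lo -j ACCEPT" { lo = 1; next }
        /--ctstate (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT$/ { next }
        / -j ACCEPT$/ {
            port = ""
            for (i = 1; i < NF; i++) if ($i == "--dport") port = $(i + 1)
            if (port == "") { print "ACCEPT without a port match: " $0; bad = 1 }
            else if (!(port in ok)) { print "unexpected open port: " port; bad = 1 }
            else seen[port] = 1
        }
        END {
            if (!lo) { print "no loopback ACCEPT rule"; bad = 1 }
            for (p in ok) if (!(p in seen)) { print "no ACCEPT for port: " p; bad = 1 }
            if (last != "-A INPUT -j DROP") { print "INPUT does not end in a catch-all DROP"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample in the format iptables-save prints for the post's rules.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}
sample_rules | audit_rules && echo "INPUT chain matches the policy"
```

On a real host, feed it the saved file with `audit_rules < /etc/iptables.rules`. Both the rules and this check cover IPv4 only; IPv6 traffic is filtered by ip6tables, which keeps a separate rule set.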