Since Debian, the distribution I feel home at the most, unfortunately has weak capabilities to manage iptables by default, I found the following script to be very useful. It runs at startup, is easily editable and can be extended without much effort.
- Create a shell script
- Please mind the
--dport 22line. It allows access to this port to a very limited local subnet mask. Feel free to either host the SSH daemon on a different port or have the port open to only a small range of valid IP addresses. It is not advised to have port 22 open for SSH while being completely open to the public 0.0.0.0/0.
- Additional ports can be set accordingly.
Run the custom iptables configuration
If you are certain everything is setup correctly, and you are be able to access the machine even in case of a problem, then feel free to manually run your script.
If you are still connected, congratulation! Time to add the script to the system auto start.
- Edit the file
/etc/rc.localand add the following line before the last line
vim /etc/rc.local [ -e '/etc/iptables_settings.sh' ] && /bin/sh /etc/iptables_settings.sh