Install the iptables package.
# apt-get install iptables
Create a new filter config, or dump one already loaded on another machine (iptables-save > iptables.conf).
Replace “x.x.x.x” with your remote IP address (the trusted host in the “good guys” rule below).
# vim /etc/iptables.conf

# Generated by iptables-save v1.4.2 on Fri Feb 12 17:20:03 2010
*filter
# accept all established incoming connections on eth0
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow dhcp traffic
-A INPUT -i eth0 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
# allow everything on loopback
-A INPUT -i lo -j ACCEPT
# ntp
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
# icmp
-A INPUT -p icmp -j ACCEPT
# http
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ssh
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# the good guys
-A INPUT -s x.x.x.x -j ACCEPT
# reject the rest
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
# Completed on Fri Feb 12 17:20:03 2010
Load the rules from the file and test-drive them; if you make on-the-fly edits with the iptables command, save them as well (iptables-save > /etc/iptables.conf). Test from a console or with a second session open, since a mistake in the INPUT chain can lock you out of ssh.
# /sbin/iptables-restore < /etc/iptables.conf
# /sbin/iptables -L
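Before loading a file like the one above, it helps to check what it actually exposes. The following is an added example, not part of the original page: it parses the iptables-save format and reports which INPUT rules accept a port from any source, which source addresses are trusted wholesale, ACCEPT rules keyed only on --sport (any sender can choose its own source port), and whether the catch-all REJECT really is the last INPUT rule. SAMPLE_CONF is a constructed copy of the config above with x.x.x.x kept as a placeholder; negated matches (!) are not handled.

```python
import shlex

# Constructed sample with the same shape as the /etc/iptables.conf above (x.x.x.x is a placeholder).
SAMPLE_CONF = """\
*filter
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s x.x.x.x -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
"""

def parse_rules(conf):
    """Return [(chain, {option: value})] for every -A line; comments, *table and COMMIT carry no rules."""
    rules = []
    for toks in (shlex.split(line) for line in conf.splitlines() if line.startswith("-A")):
        if len(toks) > 1:
            opts, i = {}, 2
            while i < len(toks):  # "-x value" pairs; bare flags map to True
                has_value = i + 1 < len(toks) and not toks[i + 1].startswith("-")
                opts[toks[i]] = toks[i + 1] if has_value else True
                i += 2 if has_value else 1
            rules.append((toks[1], opts))
    return rules

def audit_input(conf):
    """Summarise what INPUT accepts and whether a catch-all REJECT/DROP is its last rule."""
    rules = [r for chain, r in parse_rules(conf) if chain == "INPUT"]
    report = {"world_open": [], "trusted": [], "sport_only": [], "unreachable": 0, "catch_all_last": False}
    for n, r in enumerate(rules):
        target, proto = r.get("-j"), r.get("-p", "all")
        if target in ("REJECT", "DROP") and not any(k in r for k in ("-p", "-s", "-i", "--dport")):
            # rules after the catch-all are never evaluated
            report.update(unreachable=len(rules) - n - 1, catch_all_last=(n == len(rules) - 1))
            break
        if target != "ACCEPT":
            continue
        if "--sport" in r and "--dport" not in r and "-s" not in r:
            report["sport_only"].append((proto, r["--sport"]))  # any sender can choose its source port
        elif "--dport" in r and "-s" not in r:
            report["world_open"].append((proto, r["--dport"]))
        elif "-s" in r and "--dport" not in r:
            report["trusted"].append(r["-s"])
    return report
```

Run audit_input(open("/etc/iptables.conf").read()) against your real file; an entry under "sport_only" or a false "catch_all_last" is worth a second look before the rules go live.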
To load the rules on boot, put the restore command at the end of rc.local.
# vim /etc/rc.local

# load iptables
/sbin/iptables-restore < /etc/iptables.conf
Make sure to back up your iptables filter config as well!