Install the iptables package.

# apt-get install iptables

Create a new filter config, or dump the rule set that is currently loaded on another machine (iptables-save > iptables.conf) and adapt it.
Replace “x.x.x.x” with the IP address you administer from (the source that gets unrestricted access). Note that this file only governs IPv4: IPv6 is filtered separately by ip6tables and stays wide open unless you configure it as well.

# vim /etc/iptables.conf

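# Generated by iptables-save v1.4.2 on Fri Feb 12 17:20:03 2010
# Hand-edited. IPv4 only: IPv6 is governed separately by ip6tables and is
# NOT covered by this file.
*filter
# Explicit chain policies. Anything not matched by a rule below is dropped
# for INPUT and FORWARD; without these lines the built-in policy stays ACCEPT
# and a flushed table (iptables -F) leaves the host wide open. Consequently,
# run "iptables -P INPUT ACCEPT" before flushing over a remote session.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# replies to connections this host initiated. Matched on eth0 only: the same
# traffic arriving on any other interface falls through to the final REJECT.
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# allow dhcp traffic (server port 67 -> client port 68)
-A INPUT -i eth0 -p udp -m udp --sport 67 --dport 68 -j ACCEPT

# allow everything on loopback
-A INPUT -i lo -j ACCEPT

# ntp: only needed if this host answers NTP queries for others; replies to
# its own queries already match the ESTABLISHED rule above, so delete this
# line on a pure client. The previous rule matched on --sport 123 alone,
# which let anyone reach ANY udp port simply by sending from source port 123.
-A INPUT -p udp -m udp --dport 123 -j ACCEPT

# icmp, all types (add "-m limit" here if you want to rate-limit pings)
-A INPUT -p icmp -j ACCEPT

# http/https
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

# ssh, reachable from anywhere. If you only ever log in from the admin
# address below, drop this rule: that address is already fully allowed.
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# the good guys: unrestricted access (every protocol and port) from the
# admin address; keep this list as short as possible
-A INPUT -s x.x.x.x -j ACCEPT

# reject the rest (REJECT sends an error back; the DROP policy above is the
# fallback if this rule is ever missing)
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
# Completed on Fri Feb 12 17:20:03 2010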

Load the rules from the file and test them. If you then make on-the-fly edits with the iptables command, save them back as well (iptables-save > /etc/iptables.conf). Do this from an already established session, ideally with a scheduled rollback to the previous known-good rule set running in the background (e.g. `sleep 300 && iptables-restore < /etc/iptables.conf.bak`), so a mistake cannot lock you out of a remote machine.

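# Load the rule set. iptables-restore only applies the table on COMMIT, so a
# parse error should leave the previous rules in place; say so loudly rather
# than silently continuing and assuming the new rules are active.
/sbin/iptables-restore < /etc/iptables.conf || echo "iptables-restore failed; previous rules (if any) are still active" >&2
# -n skips reverse DNS lookups (which can hang on a host that now rejects
# unsolicited replies); -v shows interfaces and packet counters so you can
# see which rule is actually matching.
/sbin/iptables -L -n -v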

Put it at the end of rc.local so the rules are loaded on boot. Be aware that rc.local runs late in the boot sequence, after networking is up, so there is a short window in which the host runs without a firewall; loading the rules from an interface pre-up hook (or, on current Debian/Ubuntu, via the iptables-persistent package) closes that gap.

# vim /etc/rc.local

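# load iptables. rc.local runs late: the host is unfiltered from the moment
# networking comes up until this line runs. Log a failure instead of silently
# moving on; if rc.local runs under "sh -e" (as it typically does on Debian),
# an unguarded failure here would also abort the rest of this script.
/sbin/iptables-restore < /etc/iptables.conf || logger -p daemon.err -t rc.local "iptables-restore failed; host is running without the filter rules"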

Make sure to back up your iptables filter config as well (e.g. keep a copy as /etc/iptables.conf.bak before editing), so you always have a known-good rule set to restore.
