Setting Rules for Iptables in Linux

If you run a Linux server, chances are it is already using iptables for its firewall. For those who are new to the term, iptables is the user-space utility that lets administrators view and modify the packet filtering rules enforced by the Linux kernel's netfilter framework. In practice it is an ordered list of rules that tells the kernel which packets to accept, drop or reject. By editing your system's iptables rules, you can control incoming and outgoing traffic, allowing or blocking specific ports or IP addresses at the firewall.

In this guide, we’ll cover the basics of how to edit your Linux server’s iptable rules using the command line.

*Note: iptables needs root privileges. Run the commands in this guide as the root user, or prefix each one with sudo.

Modifying Iptables Rules

Before you change anything, it helps to know the commands that control the iptables service itself. On RHEL/CentOS-style systems that ship the iptables init service, they are:
 
To stop iptables, use the command:
service iptables stop
 
To start iptables, use the command:
service iptables start

On systemd-based distributions the equivalents are systemctl stop iptables and systemctl start iptables (the iptables-services package must be installed).

Be aware of what "stop" actually does: it flushes every rule and sets the default policy of each chain to ACCEPT. The server is left wide open until the rules are loaded again, and any rule you add while the service is stopped and then save will replace the previous rule set rather than extend it. Stopping the service is therefore not part of normal rule editing. The iptables commands in the sections below modify the running rule set directly and take effect immediately; use stop and start only when you genuinely want to clear the firewall or reload it from its saved configuration.

Allowing/Denying Specific IP Addresses in Iptables

To control which IP addresses can connect to your server, add or remove rules in the INPUT chain. Each command changes the running firewall immediately, so there is no need to stop iptables first (doing so would flush the rules you already have):

  1. To allow a specific IP address, use the command:
     
    iptables -A INPUT -s 82.18.238.16 -j ACCEPT

    *Note: replace the “82.18.238.16” used in these examples with the IP address you are trying to allow or deny.

  2. If the address you want to allow is currently blocked, remove the rule that blocks it. Using “-D” (delete) instead of “-A” (append), with the same match and target as the original rule, removes that rule and restores access for the address:
     
    iptables -D INPUT -s 82.18.238.16 -j DROP
     
  3. To deny a specific IP address, add a DROP rule for it:
     
    iptables -A INPUT -s 82.18.238.16 -j DROP
     
    Rules are evaluated in order and the first match wins. “-A” appends the rule to the end of the chain, so if an earlier rule already accepts the traffic (for example one that accepts all established connections, or everything on port 80), the DROP is never reached. In that case insert it at the top of the chain with “-I INPUT 1” in place of “-A INPUT”.

  4. Once you have added or removed all the necessary rules, save them so they are reloaded at boot. On RHEL/CentOS-style systems with the iptables service this is:
     
    service iptables save

    On other distributions, write the running rules out with iptables-save to whichever file your distribution restores at startup.

There is no need to restart iptables afterwards: the rules you added are already active, and the saved copy is what “service iptables start” loads next time.

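The allow/deny steps above, wrapped in idempotent shell functions that edit the running INPUT chain in place. This is an added example, not code from the original article. It assumes the legacy iptables command line (1.4.11 or newer for the -C check), root privileges, and the RHEL/CentOS save file path; the IPTABLES and IPTABLES_SAVE variables, the function names and the script file name are this example's own conventions, and the 198.51.100.7 address is an RFC 5737 documentation address used only for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): the allow/deny steps as
# idempotent shell functions that edit the running INPUT chain in place.
# Assumptions: the legacy iptables CLI (1.4.11 or newer for -C), root
# privileges, and a RHEL/CentOS-style save file. IPTABLES and IPTABLES_SAVE
# can be pointed at a wrapper or a fake backend for testing.

ipt() { "${IPTABLES:-iptables}" "$@"; }

# rule_exists <ip> <ACCEPT|DROP>: exit 0 if that exact rule is in INPUT.
# -C (check) avoids adding the same rule twice, which -A happily does.
rule_exists() {
    ipt -C INPUT -s "$1" -j "$2" 2>/dev/null
}

# deny_ip <ip>: insert a DROP at position 1 of INPUT. Rules are evaluated
# in order and the first match wins, so a DROP appended with -A behind a
# broad ACCEPT (established connections, a whole port) would never fire.
deny_ip() {
    rule_exists "$1" DROP && return 0          # already denied
    ipt -I INPUT 1 -s "$1" -j DROP
}

# undeny_ip <ip>: delete every matching DROP (-D removes one rule per call,
# so loop in case the address was blocked more than once).
undeny_ip() {
    while rule_exists "$1" DROP; do
        ipt -D INPUT -s "$1" -j DROP
    done
}

# allow_ip <ip>: clear any deny for the address, then append an explicit
# ACCEPT. -A puts it at the end of the chain; if your INPUT chain ends with a
# catch-all DROP/REJECT rule rather than a DROP policy, use -I with a
# position above that rule instead.
allow_ip() {
    undeny_ip "$1"
    rule_exists "$1" ACCEPT && return 0        # already allowed
    ipt -A INPUT -s "$1" -j ACCEPT
}

# save_rules [file]: persist the running rule set so it survives a reboot.
# /etc/sysconfig/iptables is what "service iptables save" writes on
# RHEL/CentOS; pass another path for other distributions.
save_rules() {
    "${IPTABLES_SAVE:-iptables-save}" > "${1:-/etc/sysconfig/iptables}"
}

# Typical session (as root):
#   . ./ipctl.sh            # hypothetical file name for this script
#   deny_ip 82.18.238.16
#   allow_ip 198.51.100.7   # RFC 5737 documentation address
#   save_rules
```

To see where a rule landed, list the chain with rule numbers (iptables -L INPUT -n -v --line-numbers); a rule can then also be removed by number with iptables -D INPUT followed by that number, which is handy when you no longer remember the exact match it was added with.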
Allowing/Denying Specific Ports within Iptables

In addition to deciding which IP addresses can reach your server, you can use iptables rules to decide which ports it accepts connections on.

*Note: the rules below take effect as soon as you run them. Remember to save them afterwards (service iptables save, or iptables-save on other distributions) so they are still in place after a reboot.

For example, if you want the server itself to browse the web (acting as an HTTP client reaching websites on port 80), the following rules let its outbound requests leave and the replies come back:
 
iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT

Note carefully what these rules match. The INPUT rule accepts packets whose source port is 80, which is what replies from a remote web server look like; it does not open port 80 on your server. To serve a website you need an INPUT rule with --dport 80, the same form as the SSH rule further down. Accepting inbound traffic by source port alone is also risky: any remote host can reach any local port simply by sending from source port 80. The safer modern equivalent is a connection-tracking (conntrack) rule that accepts only ESTABLISHED and RELATED traffic, which admits replies to connections your server opened and covers every outbound protocol at once.

If you also want to reach secure websites (HTTPS), open port 443 in addition to port 80. The commands look like this:
 
iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT

*Note: to block either of these ports instead, use the same commands with DROP in place of ACCEPT. Because the first matching rule wins, the DROP must come before any ACCEPT for the same traffic: delete the existing ACCEPT with -D, or insert the DROP above it with -I rather than appending it with -A.

Another rule set you will almost certainly need is one that permits remote SSH access by opening port 22. This time the server is the one listening, so the INPUT rule matches the destination port:
 
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

If you administer the server over SSH, make sure this rule sits above any rule or default policy that drops other traffic, and keep a second session open while you test: a mistake here can lock you out of your own server.
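The port rules above (80/443 for the server's own web access, 22 for inbound SSH) combined into one complete, stateful INPUT policy in iptables-restore format, so the whole set is loaded atomically instead of rule by rule. This is an added example, not code from the original article. It assumes the conntrack match module is available, that iptables-restore supports the --test option, and that the server administers itself over SSH; the function names, the choice of an ACCEPT policy for OUTPUT, and the rollback timer are this example's own design, and the lint function encodes the source-port caveat from the HTTP section.

```shell
#!/bin/sh
# Added example (not from the original article). Renders a stateful INPUT
# policy for the ports discussed above in iptables-restore format, checks it
# for the unsafe "accept by source port" pattern, and applies it with a
# rollback timer so a mistake cannot lock out the SSH session.
# Assumptions: conntrack match available, iptables-restore with --test.

# valid_port <value>: exit 0 for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# render_ruleset <tcp-port>...: print an iptables-restore file to stdout.
# Replies to connections this host opened (its own HTTP/HTTPS clients)
# come back through connection tracking, not through "--sport 80".
render_ruleset() {
    for port in "$@"; do
        valid_port "$port" || { echo "render_ruleset: bad port '$port'" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -j REJECT --reject-with icmp-port-unreachable"
    echo COMMIT
}

# lint_ruleset: read rules on stdin and reject any INPUT rule that ACCEPTs
# by *source* port. "--sport 80 -j ACCEPT" lets any remote host reach any
# local port just by sending from source port 80.
lint_ruleset() {
    bad=$(grep -E '^-A INPUT .*--sport [0-9]+ .*-j ACCEPT' || true)
    [ -z "$bad" ] && return 0
    printf 'unsafe source-port accept:\n%s\n' "$bad" >&2
    return 1
}

# apply_ruleset <file> [seconds]: back up the running rules, syntax-check and
# load the new set, and schedule a rollback in case the change cuts off SSH.
# Run "kill $ROLLBACK_PID" once you have confirmed you can still log in.
apply_ruleset() {
    backup=$(mktemp) || return 1
    iptables-save > "$backup"
    iptables-restore --test < "$1" || return 1
    iptables-restore < "$1" || return 1
    ( sleep "${2:-120}" && iptables-restore < "$backup" ) &
    ROLLBACK_PID=$!
}

# Typical session (as root):
#   render_ruleset 22 80 443 > /tmp/new.rules   # 80/443 here = serve web, not browse
#   lint_ruleset < /tmp/new.rules && apply_ruleset /tmp/new.rules 120
#   ... open a fresh SSH session to confirm access, then: kill $ROLLBACK_PID
#   cp /tmp/new.rules /etc/sysconfig/iptables   # persist (RHEL/CentOS path)
```

Note that the rendered set opens 80 and 443 as listening ports on the server (the --dport form), which is what most people mean by "opening port 80"; the server's own outbound browsing is already covered by the ESTABLISHED,RELATED rule, so no source-port rules are needed at all.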

And there you have it! You now know several basic iptables commands and can allow or deny ports and IP addresses as needed. Keeping your rules current, correctly ordered and saved strengthens your server's firewall and keeps unwanted traffic out.
