Iptables rules for clients and servers

Two (more or less) generic sets of iptables rules, one for clients, and another for servers.    #linux #iptables #client #server #ipv4 #ipv6

The set of iptables rules I use for my non-server machines is based on one I long ago found on the internet, and whose origin I have also long lost… so I cannot give credit where it is due. Anyway, the file is here, and it is extensively commented, so you can see what each rule is there to do. To load those (or indeed, any other) rules, I use this shell script.

Save it in the same location as the rules file, and then, after modifying it to suit your needs, do (keep in mind this needs to be done with superuser privileges):

# sh iptables-reload.sh

And that is really all there is to it. Some of the rules are logging rules; the logging is usually done in /var/log/syslog (Debian-based distros) or in the systemd journal on Arch Linux (cf. https://wiki.archlinux.org/title/Iptables#Logging).

Finally, I also have a variation of the above file for servers. Basically, the file above (for clients) allows all outbound traffic, and drops the rest, except for SSH access. The server version drops everything as a default policy, except SSH and HTTP(S) (but it allows outgoing DNS queries and ICMP traffic). It is also extensively commented, and can be found here.
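
As an added illustration (not the author's rules file or reload script), the following script sketches the server policy just described for IPv4 and loads it only after iptables-restore --test accepts it. The port numbers (22, 80, 443), the log prefix, the --apply argument and the function names are assumptions; IPv6 needs a separate ip6tables ruleset.

```sh
#!/bin/sh
# Added example: the server policy from the text, in iptables-restore format.
# Assumed ports: SSH on 22/tcp, HTTP(S) on 80 and 443/tcp.

server_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback traffic
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies for connections allowed below (also keeps the current SSH session alive)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inbound SSH and HTTP(S)
-A INPUT -p tcp -m multiport --dports 22,80,443 -m conntrack --ctstate NEW -j ACCEPT
# Outgoing DNS queries
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
# ICMP in both directions
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
# Rate-limited log of inbound packets about to hit the default DROP policy
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop-in: "
COMMIT
EOF
}

# Parse the file with --test first, so a syntax error is caught
# before the running ruleset is touched.
reload_rules() {
    rules_file=$1
    [ -r "$rules_file" ] || { echo "cannot read $rules_file" >&2; return 2; }
    iptables-restore --test < "$rules_file" || {
        echo "rules rejected, nothing changed" >&2; return 1
    }
    iptables-restore < "$rules_file"
}

# Only touch the firewall when explicitly asked to (needs superuser privileges).
if [ "${1:-}" = "--apply" ]; then
    tmp=$(mktemp) || exit 1
    server_rules > "$tmp"
    reload_rules "$tmp"; rc=$?
    rm -f "$tmp"
    exit "$rc"
fi
```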

April 7, 2022.