Qortal Project

Iptables Linux firewall is used to monitor incoming and outgoing traffic to a computer and filter it based on user-defined rules to prevent anyone from accessing the computer or IP masqueraded devices. Using Iptables you can define rules simple rules which will allow only selective traffic on your computer or the router itself.

Before you begin with Iptables tutorial, you will need the following:

A local machine with SSH client installed. Putty https://www.putty.org/ is your best option for Windows OS while ssh client comes pre-installed on Linux OS.

All data is sent in the form packets over the internet. Linux kernel provides an interface to filter both incoming and outgoing traffic packets using tables of packet filters. Iptables is a command line application and a Linux firewall that you can use to set-up, maintain and inspect these tables. Multiple tables can be defined. Each table can contain multiple chains. A chain is nothing but a set of rules. Each rule defines what to do with the packet if it matches with that packet. When the packet is matched, it is given a TARGET. A target can be another chain to match with or one of the following special values:

ACCEPT: It means the packet will be allowed to pass through.
DROP: It means that packet will not be allowed to pass through.
RETURN: It means to skip the current chain and go back to the next rule from the chain it was called in. For the scope of this iptables tutorial, we are going to work with one of the default tables called filter. Filters table has three chains ( sets of rules).

INPUT – This chain is used to control incoming packets to the server. You can block/allow connections based on port, protocol or source IP address.
FORWARD – This chain is used to filter packets that are incoming to the server but are to be forwarded somewhere else.
OUTPUT – This chain is used to filter packets that are going out from your server.

This section assumes you are already SSH'ed into the QORT router. Look at Getting Started Work in progress

* iptables -L -v ( list current firewall rules )
* iptables -F ( flush all rules )
* iptables-save > /etc/iptables.rules ( saves your custom rules ) OR you can edit the file with nano editor /etc/rc.local and paste your rules there. Do "nano /etc/rc.local" , paste the rules and Ctrl + X to save and edit.

These rules are copy and paste. Simply paste them at the QORT terminal via SSH and save.

Block outgoing port: /sbin/iptables -A OUTPUT -p tcp –dport {PORT-NUMBER-HERE} -j DROP. For example, you want to block telnet port 21 then put 21 after –dport. It will be /sbin/iptables -A OUTPUT -p tcp –dport 21 -j DROP . Similary if you wish to block a DNS then its port 53. Look at common used ports by services on Wikipedia https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Examples:

Block HTTP /sbin/iptables -A OUTPUT -p tcp –dport 80 -j DROP
Block HTTPS /sbin/iptables -A OUTPUT -p tcp –dport 443 -j DROP
Block outoing DNS /sbin/iptables -A OUTPUT -p udp –dport 53 -j DROP

* Block incoming port: /sbin/iptables -A INPUT -p tcp –destination-port {PORT-NUMBER-HERE} -j DROP. It works same as outgoing port syntax. Simply enter port numbers of running services you do not want accessed outside your network.

Examples:

Block HTTP /sbin/iptables -A INPUT -p tcp –destination-port 80 -j DROP Block HTTPS /sbin/iptables -A INPUT -p tcp –destination-port 443 -j DROP