Simple Stateful Firewall

Austin Haedicke bio photo By Austin Haedicke Comment

The firewall is one of the most basic components of your network security. There are a lot of debates about Linux and security, but a firewall is a must regardless. There are GUI tools available to help you do this (such as Uncomplicated Firewall), but going a bit more minimal has its benefits.

For one, it is a bit more invovled, but as is usually the case with more “manual” and minimal implementations, you learn more about the process. This is done through a program called iptables. The Arch Wiki section on Stateful Firewalls is very detailed. In addition to that, you can easily find a list of the 25 most common iptable rules.

What can make this implementation painless is if you take the commands you issue (either through the 25 list or reading the wiki) and include them in a single script.

~/scripts/iptables.rules
---
# Simple Stateful Firewall

# Check current rules
#iptables-save

# Load Default Rules
#iptables-restore < /etc/iptables/empty.rules

# Create Chains
iptables -N TCP
iptables -N UDP

# etc...

Next, make the file executable:

$ chmod u+x ~/scripts/iptables.rules

Finally, create a shell alias in your ~/.{ba,z}shrc. It will make sense here to fire up your network driver and deploy the firewall in one line like so:

~/.zshrc
---
alias wup="sudo wifi-menu; sudo ~/scripts/iptables.rules"
comments powered by Disqus