The firewall configuration, especially if you're a beginner in Linux, may seem tricky and difficult to understand. But once you've grasped the basics of the commands, you can write your own script instead of using ready-made ones, which may not always be right for your needs.

If any of the commands I've provided here don't work, iptables might not be installed on your system. To install them, type:

`sudo apt-get update && sudo apt-get install iptables`

`sudo /etc/init.d/iptables start`

The first command will install iptables, the second will enable them on your system.

NOTE: Be extremely careful when configuring iptables, as you might block yourself from accessing your Pi!

If, for any reason, you're unable to access your Pi through ssh or your website stopped working, connect your Pi to a monitor/TV or open your SD card on a computer running Linux and re-edit the iptables rules in /etc/network/iptables.

I've covered the iptables in general here, but I've abandoned sshblack and made use of a better and more flexible tool - fail2ban.

To make a basic configuration of your iptables that allows you ssh access without the risk of being hacked, you should:

1. Check your router's IP address, as we will be blocking any access from there apart from the http and https ports (80 and 443 respectively):

`sudo grep gateway /etc/network/interfaces`

You will get something like this:

`gateway 192.168.1.1`

2. We will now set up iptables rules to allow external visitors to see our website without the ability to log into our Pi.

3. Let's now set up the file so a reboot keeps the iptables configuration. First, we need to run:

`sudo bash -c 'iptables-save > /etc/network/iptables'`

This writes the current rules to /etc/network/iptables, the file that will be used to initialise iptables on system boot. To do so, we need to edit the /etc/network/interfaces file:

`sudo nano /etc/network/interfaces`

At the end of the file we'll add the following line:
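The policy described in steps 1 and 2 (web ports open to everyone, everything else from the router dropped, ssh only from the local network), as an added example that is not the original post's rule set. It only prints a ruleset in iptables-save format and applies nothing; the function names, the 192.168.1.0/24 subnet and the sample interfaces file are assumptions.

```sh
#!/bin/sh
# Added example (not the post's own rules): print a ruleset in iptables-save
# format for the policy described in steps 1-2. Nothing is applied here.

# Step 1: read the gateway address from an interfaces(5) file.
gateway_of() {
    awk '$1 == "gateway" { print $2; exit }' "$1"
}

# Dotted-quad check so a malformed value never reaches the rules file.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# $1 = gateway IP, $2 = subnet allowed to use ssh (assumption: your LAN).
build_rules() {
    is_ipv4 "$1" || { echo "bad gateway: $1" >&2; return 1; }
    case "$2" in ''|*[!0-9./]*) echo "bad subnet: $2" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the Pi opened (such as DNS lookups sent to the
# router) must be accepted before the router address is dropped below.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -s $1/32 -j DROP
# ssh is reachable only from the local subnet, and only after the drop.
-A INPUT -s $2 -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample of /etc/network/interfaces (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto eth0
iface eth0 inet static
    address 192.168.1.50
    netmask 255.255.255.0
    gateway 192.168.1.1
EOF
build_rules "$(gateway_of "$sample")" 192.168.1.0/24
rm -f "$sample"
```

Save the output to a file and check it with `sudo iptables-restore --test` before loading it, and load it from the Pi's console rather than over ssh so a mistake cannot lock you out.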