Home >Operation and Maintenance >Linux Operation and Maintenance >How to configure a firewall to protect Linux servers from intrusions
How to configure a firewall to protect Linux servers from intrusions
Introduction:
In today's Internet environment, servers face various potential security threats. In order to protect our Linux servers from intrusions, it is crucial to configure a strong firewall. This article will introduce how to use the iptables command to configure a firewall on a Linux server and provide some examples of common rules.
What is iptables?
iptables is a tool used to configure network access rules in the Linux operating system. It is a powerful firewall solution that allows administrators to limit network traffic by defining rules. Using iptables, you can control the flow of packets in and out of your server, thereby enhancing your server's security.
The steps to configure the firewall are as follows:
Define the policy:
Before setting specific rules, you first need to determine the default policy. The default policy determines the action when no matching rule is found. Generally, the least authorization principle should be adopted, that is, denying all traffic by default and allowing only specific traffic to pass. The following example sets the default policy to deny all incoming and outgoing traffic:
sudo iptables -P INPUT DROP sudo iptables -P FORWARD DROP sudo iptables -P OUTPUT DROP
Allow ssh connections (using port 22):
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Allow HTTP connections (using 80 port):
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Allow HTTPS connections (using port 443):
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Allow ping (ICMP):
sudo iptables -A INPUT -p icmp -j ACCEPT
Allow loopback traffic:
sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A OUTPUT -o lo -j ACCEPT
Prevent DDoS attacks:
DDoS (Distributed Denial of Service) attacks are a common A network attack designed to overload the target server and prevent it from providing normal services. An important function of a firewall is to prevent DDoS attacks by limiting the number of connections received per second. The following example limits the maximum number of connections to 20:
sudo iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 20 -j DROP
Logging:
It is important to configure your firewall to log traffic and events in order to detect and respond to potential attacks in a timely manner. You can use the following rules to record firewall logs to the system log file:
sudo iptables -A INPUT -j LOG --log-prefix "Firewall: " sudo iptables -A OUTPUT -j LOG --log-prefix "Firewall: " sudo iptables -A FORWARD -j LOG --log-prefix "Firewall: "
Persistence rules:
After completing the above configuration, you need to save the firewall rules and restart the server automatically loaded later. The firewall configuration can be saved using the following command:
sudo iptables-save > /etc/iptables/rules.v4
Conclusion:
By configuring the firewall and defining appropriate rules, we can protect the Linux server from intrusions. This article explains how to use iptables commands for firewall configuration and provides examples of some common rules. However, server security is an ongoing process and it is recommended to regularly review and update firewall rules to adapt to changing security threats.
The above is the detailed content of How to configure a firewall to protect Linux servers from intrusions. For more information, please follow other related articles on the PHP Chinese website!