Close all ports except for one on a Debian machine

3

1

I wish to set up a secure home file server on a Debian computer. I will be using my own server software that utilizes only a single TCP port. To make sure that the machine is fully secure, I'm thinking that I should close all ports except for the one my protocol is running on (such that no other protocol can be used or accessed on the machine).

Does anyone know what the best way is to close all of the ports except for one?

StackUnderflow

Posted 2014-05-14T21:43:34.433

Reputation: 263

Answers

2

You can set the default iptables policy so that it only accepts communication from certain ports (or a range of ports):

## Drop all incoming traffic on all ports (default policy for the INPUT chain)

iptables -P INPUT DROP
## Allow connections from one port
## Do not include brackets when entering the following variables,
## [portnum] is just 80 not [80]
## [interface] == default network interface (such as eth0)
## [protocol] == the protocol you want, such as tcp, udp, and etc
## [portnum] == port number, such as 80, 443, and etc
## Note: the jump flag is lower-case -j (upper-case -J is not a valid iptables option)

iptables -A INPUT -i [interface] -p [protocol] --dport [portnum] -j ACCEPT

## Allow a range of ports, such as ports 1001-1005

iptables -A INPUT -i [interface] -p [protocol] --dport [portnum]:[portnum] -j ACCEPT

Hope this helps.

ChrisR.

Posted 2014-05-14T21:43:34.433

Reputation: 440

I forgot to add, you can save these rules by running iptables-save > /path/to/file/you/want. You can then append the line /sbin/iptables-restore < /path/to/file/you/saved to /etc/rc.local so that these rules are loaded on boot. – ChrisR. – 2014-05-14T22:04:27.990

Don't forget you have to manage IPv6 as well. You can probably drop all packets or copy the same as above using ip6tables. – Spencer5051 – 2014-05-14T22:44:20.670
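The answer and the two comments together describe one procedure: default-deny the INPUT chain, open the single service port, do the same for IPv6, and persist the rules across reboots. The script below is an added example (it is not code from the original answer or from the asker's server) that carries that procedure through in one place, using iptables-restore so the whole ruleset is applied atomically rather than one rule at a time. It also adds the two rules a default-DROP policy usually needs in practice: loopback, and ESTABLISHED/RELATED so the host's own outbound connections (apt, DNS) still get replies. The port 8080 and interface eth0 are placeholder assumptions; substitute your own.

```shell
#!/bin/sh
# Added example, not part of the original answer. Generates an
# iptables-restore(8) ruleset that leaves exactly one inbound TCP port
# open, applies it for IPv4 and IPv6, and saves it for boot.
# Assumed placeholders (not from the page): service port 8080, interface eth0.
set -eu

# Print a ruleset for the given port/interface. The optional third argument
# selects the address family ("4" or "6"); the IPv6 variant adds the
# ICMPv6 rule without which neighbour discovery and PMTU break.
build_ruleset() {
    port="$1"
    iface="$2"
    family="${3:-4}"

    echo '*filter'
    # Default policies: drop unsolicited inbound and all forwarded traffic,
    # let the host itself talk out.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback must stay open; many local services bind to 127.0.0.1/::1.
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened are matched by conntrack state,
    # so outbound DNS, package updates and so on keep working.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    if [ "$family" = 6 ]; then
        echo '-A INPUT -p ipv6-icmp -j ACCEPT'
    fi
    # The single service port. Note the lower-case -j (jump) flag.
    echo "-A INPUT -i $iface -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    echo 'COMMIT'
}

# Reads a ruleset on stdin and counts rules that admit NEW inbound
# connections; for a single-port server this should print 1.
count_new_accepts() {
    grep -c -- '--ctstate NEW -j ACCEPT'
}

# Apply both families atomically and persist them. Requires root. Run it
# from a local console: a typo in the port or interface locks out SSH.
apply_ruleset() {
    port="$1"
    iface="$2"
    build_ruleset "$port" "$iface" 4 | iptables-restore
    build_ruleset "$port" "$iface" 6 | ip6tables-restore
    # On Debian the iptables-persistent package reloads these at boot,
    # which avoids editing /etc/rc.local by hand.
    mkdir -p /etc/iptables
    iptables-save  > /etc/iptables/rules.v4
    ip6tables-save > /etc/iptables/rules.v6
}

# After applying, compare listening sockets against the ruleset: anything
# listed here on a non-loopback address other than the service port is
# reachable only as far as the DROP policy stops it.
show_listeners() {
    ss -ltn
}

# Usage (as root):  apply_ruleset 8080 eth0
# Dry run (no root): sh thisscript.sh --print 8080 eth0 6
if [ "${1:-}" = "--print" ]; then
    build_ruleset "${2:-8080}" "${3:-eth0}" "${4:-4}"
fi
```

Before applying, pipe the generated text through `iptables-restore --test` (and `ip6tables-restore --test`) to have the kernel parser validate it without loading it; `--test` is a standard iptables-restore option. Keep the previous ruleset from `iptables-save` somewhere you can reach from the console so a bad rule can be rolled back.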