IPtables network filtering
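#? getting-start iptables
#
#? set iptables logging
# Appended at the end of INPUT, so it logs everything no earlier rule matched.
# Rate-limit it: an unbounded LOG target lets a port scan or a flood fill the
# kernel ring buffer and the disk. The trailing ": " keeps the prefix separate
# from the packet fields in the log line.
sudo iptables -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "DROP-IN: "
#? reject a TCP port with a TCP RST so it reports as closed rather than filtered
# Plain REJECT answers with ICMP port-unreachable and DROP answers nothing;
# both make a scanner report the port as "filtered". <port> is a placeholder.
sudo iptables -I INPUT -p tcp --dport <port> -j REJECT --reject-with tcp-reset
#? check iptables logs
# -v adds per-rule packet/byte counters, -x prints them exactly, -n skips DNS lookups.
sudo iptables -nvxL
sudo tail -f /var/log/kern.log
# On systemd hosts the kernel log is usually only in the journal:
# sudo journalctl -k -f
#? iptables counter reset
# -Z zeroes the packet/byte counters of every chain (one chain: -Z INPUT).
# Adding another LOG rule does not reset anything.
sudo iptables -Z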
Saving & persistence
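#? save iptables config
# iptables-save needs root, and with `sudo iptables-save > file` only the
# command runs as root — the unprivileged shell does the redirect and fails.
# Keep the file root-only: it spells out the host's filtering policy.
sudo iptables-save | sudo tee /etc/iptables.rules >/dev/null
sudo chmod 600 /etc/iptables.rules
# Reload before the interfaces come up. Symlinking the rules file into
# /etc/rc0.d does not work: rc0.d scripts run at shutdown and are executed,
# while the saved file is input for iptables-restore, not a script.
# The hook directory below is the Debian/Ubuntu ifupdown one; distros with a
# persistence package (iptables-persistent / netfilter-persistent) should use
# that instead.
sudo tee /etc/network/if-pre-up.d/iptables >/dev/null <<'EOF'
#!/bin/sh
iptables-restore /etc/iptables.rules
EOF
sudo chmod 755 /etc/network/if-pre-up.d/iptables
#? restore iptables config
# With no file argument iptables-restore reads stdin and just waits on a
# terminal. Pass the path rather than `< file`: the redirect would be opened
# by the unprivileged shell and the root-only rules file is not readable to it.
sudo iptables-restore /etc/iptables.rules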
Common policies