Software firewall iptables under Linux – firewall design – Linux operation and maintenance
In the previous articles I introduced the tables and chains of iptables and how to add rules to a chain. Here I want to share a simple firewall ruleset with you, mainly rules for the INPUT chain of the filter table. This article is a practical iptables ruleset meant to help you deepen and consolidate what you have learned.

The rules are applied as follows:

1. Clear existing rules: flush all of the original rules.
2. Set the default policy: set the default policy of the INPUT chain of the filter table to DROP, and leave the other chains at ACCEPT.
3. Trust this machine: the loopback interface lo must be set as trusted.
4. Response packets: packets that are replies to requests the host itself initiated may enter the machine (ESTABLISHED/RELATED).
5. Reject invalid packets: reject packets in the INVALID state.
6. Whitelist: trust certain IP or network addresses.
7. Blacklist: untrusted IP or network addresses.
8. Allow ICMP packets: let ICMP packets through.
9. Open some ports: some service ports must be open to the outside world, such as 80, 443, 22 and others.

We are going to write three shell script files: iptables.rule, iptables.allow (whitelist), iptables.deny…
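The design above as an added example, not the article's own three scripts: a POSIX shell script that renders the rules as an iptables-restore ruleset, so the whole table is reviewed first and then replaced in one step. It assumes the whitelist and blacklist files hold one IP/CIDR per line, that the conntrack match is available, and that the open ports are 22, 80 and 443; the sample addresses are constructed, and the blacklist is deliberately placed before the whitelist so a denial always wins.

```shell
#!/bin/sh
# Added example, not the article's own scripts. Renders the INPUT-chain design
# above as an iptables-restore ruleset: restoring it replaces the filter table
# in one step, which covers "clear existing rules" with no rule-less window.
# Assumptions: list files hold one IP/CIDR per line ('#' comments allowed),
# the conntrack match is available, and the open ports are the ones named above.

ALLOW_FILE="${ALLOW_FILE:-${TMPDIR:-/tmp}/iptables.allow}"
DENY_FILE="${DENY_FILE:-${TMPDIR:-/tmp}/iptables.deny}"
OPEN_TCP_PORTS="${OPEN_TCP_PORTS:-22 80 443}"

# Constructed sample lists standing in for iptables.allow and iptables.deny.
printf '%s\n' '# trusted management subnet' '10.0.0.0/24' > "$ALLOW_FILE"
printf '%s\n' '198.51.100.77' > "$DENY_FILE"

rule() { printf '%s\n' "$*"; }   # print one ruleset line (safe for a leading '-')

# Emit one "-s <addr> -j <target>" rule per non-empty, non-comment line of a list.
emit_list() {
    [ -f "$1" ] || return 0
    grep -Ev '^[[:space:]]*(#|$)' "$1" | while read -r addr; do
        rule "-A INPUT -s $addr -j $2"
    done
}

# Print the complete filter-table ruleset on stdout.
gen_rules() {
    rule '*filter'
    rule ':INPUT DROP [0:0]'       # default policy: drop what nothing below accepts
    rule ':FORWARD ACCEPT [0:0]'
    rule ':OUTPUT ACCEPT [0:0]'
    rule '-A INPUT -i lo -j ACCEPT'                                      # trust loopback
    rule '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' # replies to us
    rule '-A INPUT -m conntrack --ctstate INVALID -j DROP'               # invalid packets
    # Blacklist before whitelist so an address on both lists is still denied.
    emit_list "$DENY_FILE" DROP
    emit_list "$ALLOW_FILE" ACCEPT
    rule '-A INPUT -p icmp -j ACCEPT'                                    # allow ICMP
    for port in $OPEN_TCP_PORTS; do                                      # public services
        rule "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    rule 'COMMIT'
}

# Review the output, then apply it: gen_rules > rules.v4 && iptables-restore < rules.v4
if [ "${1:-}" = "--print" ]; then gen_rules; fi
```

Run it with `--print` to see the ruleset; `iptables-restore --test` on the saved file checks the syntax before anything is applied.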