In this how-to we will show you how to secure your VPS using IPTables. When you host a server on the internet, dedicated or a VPS, you need to constan
In this how-to we will show you how to secure your VPS using IPTables. When you host a server on the internet, dedicated or a VPS, you need to constantly be aware of security. Blocking unwanted access to services is a good start and that is where IPTables comes in. IPTables is a host based firewall that is highly powerful. You can do a lot more than just permit access based on ports or source and desitination IP addresses. you can do natting or throttling as well. We will save those last few for a more advanced how-to.
The first thing we need to do obviously is install the packages.
Install IPTables Package
Now to define a rule base. You need to stop here for a minute and think what services do you need to be reachable on this host? Is it a web server? Then ports 443 and 80 should suffice. But if you are running a mail server you may need port 25 as well. You also need to determin if you will respond to ping because ICMP needs to be tightened up. Then you need to think about established connections and internal loopback connections. You want all that to work as well. Then again you need to still be able to access your server so you will need port 22 for SSH.
We will use all these ports and protocols as an example. You can add or remove ports as needed for your setup.
Configure IPTables Rules
Now you have a basic rulebase built but you still need to start the firewall. You also want to start IPTables on boot so you need to enable it.
If everything went well you should still be able to access your server on the ports you have opened, yet any other services running, like VNC, will be blocked. You can test this using open-source tools like Nmap.