Iptables
From ArchWiki
Article summary
Information regarding the setup and configuration of iptables.
Related
Firewalls
Introduction
iptables is a tool for administering the built-in firewall capabilities of the Linux kernel. It is a very large and complex piece of software.
Installation
The installation of iptables is the only simple part of this process:
# pacman -S iptables
That's it! Now, move on to configuration.
Configuration
These configuration instructions require that there are currently no rules set. Check with the command:
# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
If the output looks like the above, then there are no rules. If it does not look like the above, reset iptables with:
# iptables -P INPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -F
# iptables -X
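As an added example (not part of the ArchWiki page), here is a small POSIX shell script that applies the "does the output look like the above?" check mechanically: it parses a saved `iptables -nvL` listing, reports each chain's policy and rule count, and says whether the table is in the empty state the instructions require. Two listings are constructed inline so it runs without root; on a real host you would pass in the actual `iptables -nvL` output.

```shell
#!/bin/sh
# Added example (not code from the ArchWiki page): decide from `iptables -nvL`
# output whether the filter table is in the "no rules" state the instructions
# require, i.e. every chain is a built-in with policy ACCEPT and has no rules.
# The listing is passed in as text so this runs offline; on a real host you
# would feed it the output of `iptables -nvL` (which needs root).

# Constructed sample: the empty state shown in the text.
EMPTY_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Constructed sample: a host that already has a DROP policy and rules loaded.
BUSY_LISTING='Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  340 20400 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   15   900 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Print one line per chain: "<chain> <policy> <number of rules>".
# Built-in chains carry "(policy X ...)"; user-defined chains show
# "(N references)" instead and are reported with policy "-".
summarize_chains() {
    printf '%s\n' "$1" | awk '
        /^Chain / {
            if (chain != "") print chain, policy, rules
            chain = $2; rules = 0
            policy = ($3 == "(policy") ? $4 : "-"
            next
        }
        /^ *pkts +bytes +target/ { next }   # column header line
        NF == 0 { next }                    # blank separator line
        { rules++ }                         # anything else is a rule
        END { if (chain != "") print chain, policy, rules }
    '
}

# Exit status 0 when no rules are loaded and every chain is a built-in with
# policy ACCEPT, i.e. the listing matches the expected empty state;
# 1 otherwise (time to run the reset commands above).
ruleset_is_empty() {
    summarize_chains "$1" | awk '
        $2 != "ACCEPT" || $3 != 0 { dirty = 1 }
        END { exit dirty ? 1 : 0 }
    '
}

# Stand-alone demo on the constructed listings.
for listing in "$EMPTY_LISTING" "$BUSY_LISTING"; do
    summarize_chains "$listing"
    if ruleset_is_empty "$listing"; then
        echo "-> no rules loaded, safe to continue"
    else
        echo "-> rules or non-ACCEPT policies present, reset first"
    fi
    echo
done
```

The check treats any user-defined chain as "not empty" on purpose: `iptables -F` alone leaves such chains in place, which is why the reset sequence above ends with `iptables -X`.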
Iptables logging
Assuming you are using syslog-ng, which is the default in Arch Linux, you can control where iptables' log output goes. In syslog-ng.conf, change the line
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
to
filter f_everything { level(debug..emerg) and not facility(auth, authpriv) and not filter(f_iptables); };
This will stop logging iptables output to /var/log/everything.log.
If you also want iptables to log to a file other than /var/log/iptables.log, change the file() value of the d_iptables destination (also in syslog-ng.conf):
destination d_iptables { file("/var/log/iptables.log"); };
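As an added example (not part of the ArchWiki page), the following POSIX shell script checks a syslog-ng.conf excerpt for the two settings discussed above: whether `f_everything` now excludes `f_iptables`, and which file the `d_iptables` destination writes to. The two config excerpts are constructed inline (one before the edit, one after) so the script runs offline; the path `/etc/syslog-ng/syslog-ng.conf` mentioned in the comments is an assumption about where the file lives on a real host.

```shell
#!/bin/sh
# Added example (not code from the ArchWiki page): verify that the
# syslog-ng.conf change described above has actually been applied, and
# report which file d_iptables writes to. Two constructed config excerpts
# are embedded so this runs offline; on a real host you would pass in the
# contents of /etc/syslog-ng/syslog-ng.conf (path assumed here).

# Constructed: the default filter, iptables lines still go to everything.log.
CONF_BEFORE='filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
destination d_iptables { file("/var/log/iptables.log"); };'

# Constructed: the edited filter, iptables lines excluded from everything.log.
CONF_AFTER='filter f_everything { level(debug..emerg) and not facility(auth, authpriv) and not filter(f_iptables); };
destination d_iptables { file("/var/log/iptables.log"); };'

# Exit 0 if the f_everything filter excludes f_iptables, 1 otherwise.
everything_excludes_iptables() {
    printf '%s\n' "$1" \
        | grep -E '^[[:space:]]*filter[[:space:]]+f_everything[[:space:]]*\{' \
        | grep -q 'not[[:space:]]*filter(f_iptables)'
}

# Print the file() path configured for destination d_iptables.
iptables_log_path() {
    printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*destination[[:space:]]*d_iptables[[:space:]]*{.*file("\([^"]*\)").*/\1/p'
}

# Stand-alone demo on the constructed excerpts.
for conf in "$CONF_BEFORE" "$CONF_AFTER"; do
    if everything_excludes_iptables "$conf"; then
        echo "f_everything excludes f_iptables: iptables output goes only to $(iptables_log_path "$conf")"
    else
        echo "f_everything still matches iptables output: it is duplicated into /var/log/everything.log"
    fi
done
```

Running such a check after editing the file is a cheap way to confirm the exclusion took effect before reloading syslog-ng, rather than discovering later that firewall log lines are still being duplicated into /var/log/everything.log.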