Wiki

User Tools

Site Tools

Trace:
systems:media_server:secure_the_server:setup_a_firewall

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
systems:media_server:secure_the_server:setup_a_firewall [2025/05/31 09:59] petersystems:media_server:secure_the_server:setup_a_firewall [2025/05/31 11:34] (current) peter
Line 1: Line 1:
 ====== Systems - Media Server - Secure the Server - Setup a Firewall ====== ====== Systems - Media Server - Secure the Server - Setup a Firewall ======
  
-===== Create a systemd service for the firewall =====+====== Create a firewall-reset script ======
  
-Create a new systemd unit filenamed **/etc/systemd/system/sharewiz-firewall.service**:+<file bash /sharewiz/firewall/firewall-reset.sh> 
 +#!/bin/bash 
 +
 +# Resets all firewall rules 
 + 
 +echo "Stopping firewall and allowing everyone..." 
 + 
 +
 +# Modify the following settings as required: 
 +
 + 
 +IPTABLES=/sbin/iptables 
 + 
 +
 +# Reset the default policies in the filter table. 
 +
 + 
 +$IPTABLES -P INPUT ACCEPT 
 +$IPTABLES -P FORWARD ACCEPT 
 +$IPTABLES -P OUTPUT ACCEPT 
 + 
 +
 +# Reset the default policies in the nat table. 
 +
 + 
 +$IPTABLES -t nat -P PREROUTING ACCEPT 
 +$IPTABLES -t nat -P POSTROUTING ACCEPT 
 +$IPTABLES -t nat -P OUTPUT ACCEPT 
 + 
 +
 +# Reset the default policies in the mangle table. 
 +
 + 
 +$IPTABLES -t mangle -P PREROUTING ACCEPT 
 +$IPTABLES -t mangle -P POSTROUTING ACCEPT 
 +$IPTABLES -t mangle -P INPUT ACCEPT 
 +$IPTABLES -t mangle -P OUTPUT ACCEPT 
 +$IPTABLES -t mangle -P FORWARD ACCEPT 
 + 
 +
 +# Flush all the rules in the filter, nat and mangle tables. 
 +
 + 
 +$IPTABLES -F 
 +$IPTABLES -t nat -F 
 +$IPTABLES -t mangle -F 
 + 
 +
 +# Erase all chains that are not default in filter, nat and mangle tables. 
 +
 + 
 +$IPTABLES -X 
 +$IPTABLES -t nat -X 
 +$IPTABLES -t mangle -X 
 +</file> 
 + 
 +<WRAP info> 
 +**NOTE:** This resets all firewall rules. 
 +</WRAP> 
 + 
 +---- 
 + 
 +====== Create a firewall-reset script ====== 
 + 
 +<file bash /sharewiz/firewall/firewall.sh> 
 + 
 +</file> 
 + 
 +---- 
 + 
 +===== Create a systemd service unit file for the firewall ===== 
 + 
 +Create a file named **/etc/systemd/system/sharewiz-firewall.service**:
  
 <file bash /etc/systemd/system/sharewiz-firewall.service> <file bash /etc/systemd/system/sharewiz-firewall.service>
 +[Unit]
 +Description=Runs the firewall.
 +
 +[Service]
 [Unit] [Unit]
 Description=Runs the firewall. Description=Runs the firewall.
Line 11: Line 87:
 [Service] [Service]
 ExecStart=/sharewiz/firewall/firewall.sh ExecStart=/sharewiz/firewall/firewall.sh
 +ExecStop=/sharewiz/firewall/firewall-reset.sh
 Type=oneshot Type=oneshot
 RemainAfterExit=yes RemainAfterExit=yes
Line 21: Line 98:
 <WRAP info> <WRAP info>
 **NOTE:**  Ensure that the script that is going to be run is executable. **NOTE:**  Ensure that the script that is going to be run is executable.
 +
 +  * **ExecStart** - this is the script that is run when the service starts.
 +  * **ExecStop** - this is the script that is run when the service stops.
 </WRAP> </WRAP>
  
Line 36: Line 116:
 **NOTE:**  The **systemctl daemon-reload** command reloads all unit files, including the new unit file created for the firewall. **NOTE:**  The **systemctl daemon-reload** command reloads all unit files, including the new unit file created for the firewall.
 </WRAP> </WRAP>
 +
 +----
 +
 +===== Check firewall status =====
 +
 +<code bash>
 +sudo iptables -L INPUT -n
 +</code>
 +
 +returns:
 +
 +<code>
 +Chain INPUT (policy DROP)
 +target     prot opt source               destination         
 +...
 +lots of rules...
 +</code>
 +
 +
 +<WRAP info>
 +**NOTE:**  This should display a lot of rules.
 +</WRAP>
 + 
  
 ---- ----
systems/media_server/secure_the_server/setup_a_firewall.1748685566.txt.gz · Last modified: 2025/05/31 09:59 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki