systems:media_server:secure_the_server:setup_a_firewall

Differences

This shows you the differences between two versions of the page.

systems:media_server:secure_the_server:setup_a_firewall [2025/05/31 09:59] petersystems:media_server:secure_the_server:setup_a_firewall [2025/05/31 11:34] (current) peter
Line 1: Line 1:
 ====== Systems - Media Server - Secure the Server - Setup a Firewall ====== ====== Systems - Media Server - Secure the Server - Setup a Firewall ======
 +
 +====== Create a firewall-reset script ======
 +
 +<file bash /sharewiz/firewall/firewall-reset.sh>
 +#!/bin/bash
 +#
 +# Resets all firewall rules
 +
 +echo "Stopping firewall and allowing everyone..."
 +
 +#
 +# Modify the following settings as required:
 +#
 +
 +IPTABLES=/sbin/iptables
 +
 +#
 +# Reset the default policies in the filter table.
 +#
 +
 +$IPTABLES -P INPUT ACCEPT
 +$IPTABLES -P FORWARD ACCEPT
 +$IPTABLES -P OUTPUT ACCEPT
 +
 +#
 +# Reset the default policies in the nat table.
 +#
 +
 +$IPTABLES -t nat -P PREROUTING ACCEPT
 +$IPTABLES -t nat -P POSTROUTING ACCEPT
 +$IPTABLES -t nat -P OUTPUT ACCEPT
 +
 +#
 +# Reset the default policies in the mangle table.
 +#
 +
 +$IPTABLES -t mangle -P PREROUTING ACCEPT
 +$IPTABLES -t mangle -P POSTROUTING ACCEPT
 +$IPTABLES -t mangle -P INPUT ACCEPT
 +$IPTABLES -t mangle -P OUTPUT ACCEPT
 +$IPTABLES -t mangle -P FORWARD ACCEPT
 +
 +#
 +# Flush all the rules in the filter, nat and mangle tables.
 +#
 +
 +$IPTABLES -F
 +$IPTABLES -t nat -F
 +$IPTABLES -t mangle -F
 +
 +#
 +# Erase all chains that are not default in filter, nat and mangle tables.
 +#
 +
 +$IPTABLES -X
 +$IPTABLES -t nat -X
 +$IPTABLES -t mangle -X
 +</file>
 +
 +<WRAP info>
 +**NOTE:** This resets all firewall rules.
 +</WRAP>
 +
 +----
 +
 +====== Create a firewall-reset script ======
 +
 +<file bash /sharewiz/firewall/firewall.sh>
 +
 +</file>
 +
 +----
  
 ===== Create a systemd service unit file for the firewall ===== ===== Create a systemd service unit file for the firewall =====
  
-Create a new systemd unit filenamed **/etc/systemd/system/sharewiz-firewall.service**:+Create a file named **/etc/systemd/system/sharewiz-firewall.service**:
  
 <file bash /etc/systemd/system/sharewiz-firewall.service> <file bash /etc/systemd/system/sharewiz-firewall.service>
 +[Unit]
 +Description=Runs the firewall.
 +
 +[Service]
 [Unit] [Unit]
 Description=Runs the firewall. Description=Runs the firewall.
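Review bot: the second new heading, "====== Create a firewall-reset script ======" wrapping /sharewiz/firewall/firewall.sh, repeats the first heading's title while its file block is empty; rename it (for example "Create a firewall script") and fill in the firewall.sh contents, because the unit file below runs that path as ExecStart and the "Check firewall status" section further down expects it to leave `Chain INPUT (policy DROP)`. Two smaller points on the same hunk: both new sections use level-1 headings (======) while the existing sections on the page use level-2 (=====), and the box "**NOTE:** This resets all firewall rules." would be more useful if it stated the consequence visible in the script itself, namely that after it runs the INPUT, FORWARD and OUTPUT policies are ACCEPT and every chain is flushed, so the host accepts all traffic until firewall.sh is run again.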
Line 11: Line 87:
 [Service] [Service]
 ExecStart=/sharewiz/firewall/firewall.sh ExecStart=/sharewiz/firewall/firewall.sh
 +ExecStop=/sharewiz/firewall/firewall-reset.sh
 Type=oneshot Type=oneshot
 RemainAfterExit=yes RemainAfterExit=yes
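Review bot: with `ExecStop=/sharewiz/firewall/firewall-reset.sh`, a plain `systemctl stop sharewiz-firewall` (and the stop phase of `systemctl restart`) executes the reset script, which sets the filter, nat and mangle policies to ACCEPT and flushes all rules; that is the right pairing for a `Type=oneshot` / `RemainAfterExit=yes` unit, but the page should say explicitly that stopping the service leaves the host fully open rather than just "without the firewall", so that an operator does not stop the unit casually on an exposed server.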
Line 21: Line 98:
 <WRAP info> <WRAP info>
 **NOTE:**  Ensure that the script that is going to be run is executable. **NOTE:**  Ensure that the script that is going to be run is executable.
 +
 +  * **ExecStart** - this is the script that is run when the service starts.
 +  * **ExecStop** - this is the script that is run when the service stops.
 </WRAP> </WRAP>
  
Line 36: Line 116:
 **NOTE:**  The **systemctl daemon-reload** command reloads all unit files, including the new unit file created for the firewall. **NOTE:**  The **systemctl daemon-reload** command reloads all unit files, including the new unit file created for the firewall.
 </WRAP> </WRAP>
 +
 +----
 +
 +===== Check firewall status =====
 +
 +<code bash>
 +sudo iptables -L INPUT -n
 +</code>
 +
 +returns:
 +
 +<code>
 +Chain INPUT (policy DROP)
 +target     prot opt source               destination         
 +...
 +lots of rules...
 +</code>
 +
 +
 +<WRAP info>
 +**NOTE:**  This should display a lot of rules.
 +</WRAP>
 + 
  
 ---- ----
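Review bot: `sudo iptables -L INPUT -n` lists only the INPUT chain of the filter table, so it shows nothing about FORWARD, OUTPUT or the nat and mangle tables that firewall-reset.sh modifies; for a start/stop status check, `sudo iptables-save` prints every table and chain in one go, and `sudo iptables -L INPUT -n -v --line-numbers` adds packet counters and rule indices if the INPUT view is kept. The NOTE "This should display a lot of rules" is also a weak acceptance criterion: the line worth checking is the first one, `Chain INPUT (policy DROP)` after `systemctl start sharewiz-firewall` versus `policy ACCEPT` after `systemctl stop`, and the section should say which state the reader is expected to see at this point.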
systems/media_server/secure_the_server/setup_a_firewall.1748685579.txt.gz · Last modified: 2025/05/31 09:59 by peter
