Sunday, 7 April 2013

Kali Linux - iptables firewall

Well, one of the things that Kali does not have is a firewall, and even though I'm usually behind NAT (s/usually/always/g) I want to have one anyway, so here it is:

root@hermes:~# cat /etc/firewall.sh

#!/bin/sh
# A very basic iptables / Netfilter script

PATH='/sbin'

# Flush the existing filter-table rules so the script starts from a clean slate
iptables -F

# Default policy to drop 'everything' but our output to internet
iptables -P FORWARD DROP
iptables -P INPUT   DROP
iptables -P OUTPUT  ACCEPT

# Allow established connections (the responses to our outgoing traffic)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow local programs that talk to each other over the loopback interface
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

# Allow incoming traffic on defined ports
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

Then, in /etc/rc.local, add the following before "exit 0":

# Launch my netfilter rules
if [ -e '/etc/firewall.sh' ]
then
    /bin/sh '/etc/firewall.sh'
fi

Of course do not forget to chmod +x /etc/firewall.sh
and...
Done :)
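
To confirm after a reboot that the rules really loaded, the following added example (not part of the original post or of the Debian Wiki script) audits `iptables -S` output against the policy above. The function name `audit_rules` and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Audit `iptables -S` output (read on stdin) against the policy firewall.sh installs.
# On a live host, as root:  iptables -S | audit_rules
audit_rules() {
    awk '
    $1 == "-P" { policy[$2] = $3; next }
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        if (NF == 4) {   # "-A INPUT -j ACCEPT" matches every packet
            print "FAIL: unconditional ACCEPT in INPUT"; bad = 1; next
        }
        port = ""; st = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport" || $i == "--dports") port = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") st = $(i + 1)
        }
        if (st ~ /ESTABLISHED/) replies = 1
        if (port != "") print "OPEN: " port " (state " (st == "" ? "any" : st) ")"
    }
    END {
        if (policy["INPUT"] != "DROP")   { print "FAIL: INPUT policy is " policy["INPUT"]; bad = 1 }
        if (policy["FORWARD"] != "DROP") { print "FAIL: FORWARD policy is " policy["FORWARD"]; bad = 1 }
        if (policy["INPUT"] == "DROP" && !replies)
            print "WARN: no ESTABLISHED rule, replies to outgoing traffic are dropped"
        exit bad + 0
    }'
}

# Constructed sample: what `iptables -S` prints once firewall.sh has run
sample_after_script() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
EOF
}

# Constructed sample: no rules loaded, every policy ACCEPT
sample_default() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

sample_after_script | audit_rules
```

The firewall script only programs IPv4; `ip6tables -S | audit_rules` runs the same check against the IPv6 tables, which this script does not touch.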

Source: Debian Wiki
