Hands-on lab for basic iptables usage

You'll do this lab on your Ubuntu virtual machine.

  1. Shut down your Ubuntu virtual machine, and create a snapshot. You'll roll back to this snapshot for the lab in the next section.
  1. Look at your iptables rules, or lack thereof, with:
        sudo iptables -L
  1. Create the rules that you need for a basic firewall, allowing for Secure Shell access but denying everything else:
        sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
        sudo iptables -A INPUT -j DROP
  1. View the results with:
        sudo iptables -L
  1. Oops, it looks like you forgot about that loopback interface. Add a rule for it at the top of the list:
        sudo iptables -I INPUT 1 -i lo -j ACCEPT
  1. View the results with these two commands. Note the difference between the output of each:
        sudo iptables -L
        sudo iptables -L -v
  1. Install the iptables-persistent package, and choose to save the IPv4 and IPv6 rules when prompted:
        sudo apt install iptables-persistent
  1. Reboot the virtual machine and verify that your rules are still active.
  2. End of lab.
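The loopback rule in the lab had to be inserted at position 1 with `-I` because iptables evaluates a chain from top to bottom and stops at the first match; a rule appended after the final `DROP` is never reached. The script below is an added example, not part of the original lab: it audits a chain in `iptables -S INPUT` format for that ordering mistake. The function name `audit_input_chain` and both sample chains are constructed for illustration, and it assumes a single catch-all `-j DROP` rule as in this lab.

```shell
#!/bin/sh
# Added example (not from the lab). Reads `iptables -S INPUT` output on stdin.
# First match wins, so every rule after the catch-all DROP is dead.
# Exit status is 0 only if the lab's three ACCEPT rules precede the DROP.
audit_input_chain() (
    n=0 drop_at=0 lo=0 ct=0 ssh=0 dead=0
    while IFS= read -r line; do
        case "$line" in
            "-A INPUT "*) n=$((n + 1)) ;;
            *) continue ;;                      # skip the -P policy line and blanks
        esac
        if [ "$drop_at" -gt 0 ]; then
            echo "UNREACHABLE rule $n (after DROP at rule $drop_at): $line"
            dead=$((dead + 1))
            continue
        fi
        case "$line" in
            "-A INPUT -j DROP")                     drop_at=$n ;;
            *"-i lo "*"-j ACCEPT")                  lo=1 ;;
            *"--ctstate "*ESTABLISHED*"-j ACCEPT")  ct=1 ;;
            *"--dport 22 "*"-j ACCEPT")             ssh=1 ;;  # -S prints the port as a number
        esac
    done
    [ "$drop_at" -gt 0 ] || echo "MISSING final catch-all DROP"
    [ "$lo" -eq 1 ]  || echo "MISSING loopback ACCEPT before the DROP"
    [ "$ct" -eq 1 ]  || echo "MISSING ESTABLISHED,RELATED ACCEPT before the DROP"
    [ "$ssh" -eq 1 ] || echo "MISSING SSH (tcp/22) ACCEPT before the DROP"
    [ "$drop_at" -gt 0 ] && [ "$dead" -eq 0 ] && [ $((lo + ct + ssh)) -eq 3 ]
)

# Constructed sample: the chain as the lab leaves it (loopback inserted with -I INPUT 1).
lab_chain='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP'

# Constructed sample: the same rules, but loopback was appended with -A after the DROP.
appended_chain='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -i lo -j ACCEPT'

printf '%s\n' "$lab_chain" | audit_input_chain && echo "lab chain: OK"
printf '%s\n' "$appended_chain" | audit_input_chain || echo "appended chain: fix the rule order"
```

On the lab VM, the live chain can be checked the same way with `sudo iptables -S INPUT | audit_input_chain`.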

Now, I know you're thinking, "Wow, that's a lot of hoops to jump through just to set up a basic firewall." And yeah, you're right. So, give me a moment to get rid of what I just did with iptables, and I'll show you what the Ubuntu folk came up with to make things simpler.

You can get the whole scoop on how to do iptables on Ubuntu here: https://help.ubuntu.com/community/IptablesHowTo.