13,420
edits
Changes
no edit summary
You have the ability to create your own customized chains - you can actually name them!
The purpose of creating your own customized chains is to separate all the rules
related to a single <u>service</u> (e.g. SSH, HTTP, FTP, ICMP, etc) from other <u>unrelated</u> rules.
# Remove the rules in your '''INPUT''' chain that are allowing all '''icmp''' and '''ssh''' traffic.
# Change the '''default policy''' on the '''INPUT''' and '''FORWARD''' chains in the filter table to '''DROP'''.
# Remove the rules from the '''INPUT''' and '''FORWARD''' chains that are rejecting all traffic (we are now better protected by the ''default policy'').<br><br>We will now create a new chain called "MYSSH" and create rules just relating to the '''ssh''' service:<br><br>
# Create a new chain named '''MYSSH''' in the filter table. Refer to notes or other resources to learn now to name a chain.
# Add a rule to the beginning of the '''INPUT''' chain of your filter table that sends all '''ssh''' traffic (i.e. tcp packets with destination port 22) to your '''MYSSH''' chain.
