OPS335 Lab 2

6 bytes added, 18:44, 27 January 2016
Creating Customized Chains
# Add a rule to your '''MYSSH''' chain to accept all traffic on your virtual interface from '''192.168.X.0/24''' (i.e. your internal network).
# Add rules to the '''end of the MYSSH chain''' to drop all remaining '''ssh''' connections, but to log these denied packets with log level 'info' and log prefix "DENIED BY MYSSH" before doing so.
# Issue '''iptables -L -v''' to view your firewall rules for your newly-created chain.<br><br>Let's create a new chain to create rules relating only to the '''ICMP''' protocol (ping):<br><br>
# Remove the rules in your '''INPUT''' chain that are allowing all '''icmp''' and '''ssh''' traffic.
# Make a new chain named '''MYICMP'''.
# Add a rule to your '''MYICMP''' chain that denies '''ICMP pings''' originating from the MAC address of your partner's machine.
# Add a rule to your '''MYICMP''' chain that denies '''ICMP pings''' originating from the IP address of your partner's machine.
# Issue '''iptables -L -v''' to view your firewall rules for your newly-created chains.
# Once you are happy with how your firewall works, make a backup of the original default rules: <source lang='bash'>cp /etc/sysconfig/iptables /etc/sysconfig/iptables.original</source>
# Overwrite the defaults with the current state of the firewall:<source lang='bash'>/usr/libexec/iptables/iptables.init save</source>
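
The chain-building steps above as a dry-run script, added here as an illustration and not part of the lab page: it prints the iptables commands unless DRY_RUN=0 is set. The interface name virbr0, the subnet, the MAC address and the IP address are constructed placeholders, and ssh is assumed to listen on TCP port 22.

```sh
#!/bin/sh
# Added example (not the lab's solution). Interface name, subnet, MAC and IP
# below are constructed placeholders; ssh is assumed to be on TCP port 22.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = apply them (needs root)

# Run iptables, or print the command line when DRY_RUN=1.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        line="iptables"
        for arg in "$@"; do
            case $arg in
                *" "*) line="$line \"$arg\"" ;;   # re-quote arguments with spaces
                *)     line="$line $arg" ;;
            esac
        done
        printf '%s\n' "$line"
    else
        iptables "$@"
    fi
}

# $1 = virtual interface, $2 = internal network. MYSSH must already exist.
build_myssh() {
    ipt -A MYSSH -i "$1" -s "$2" -j ACCEPT
    # LOG does not end rule traversal, so it must sit before the DROP.
    ipt -A MYSSH -p tcp --dport 22 -j LOG --log-level info --log-prefix "DENIED BY MYSSH"
    ipt -A MYSSH -p tcp --dport 22 -j DROP
}

# $1 = partner MAC address, $2 = partner IP address.
build_myicmp() {
    ipt -N MYICMP
    # The mac match only sees the sender's MAC on the same layer-2 segment.
    ipt -A MYICMP -p icmp --icmp-type echo-request -m mac --mac-source "$1" -j DROP
    ipt -A MYICMP -p icmp --icmp-type echo-request -s "$2" -j DROP
}

# Neither chain is consulted until a rule in INPUT jumps to it (-j MYSSH, -j MYICMP).
build_myssh  virbr0 192.168.1.0/24
build_myicmp 52:54:00:aa:bb:cc 192.0.2.10
ipt -L -v
```

Review the printed commands first, then rerun with DRY_RUN=0 as root to apply them.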
