{"id":3477,"date":"2014-08-07T10:41:31","date_gmt":"2014-08-07T15:41:31","guid":{"rendered":"https:\/\/secure.rosehosting.com\/blog\/?p=3477"},"modified":"2022-12-19T06:38:05","modified_gmt":"2022-12-19T12:38:05","slug":"securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall","status":"publish","type":"post","link":"https:\/\/www.rosehosting.com\/blog\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\/","title":{"rendered":"Securing your Ubuntu\/Debian based VPS using IPTABLES\/Netfilter firewall"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><p><img decoding=\"async\" class=\"alignleft  wp-image-3478\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2014\/04\/securing-your-ubuntu-based-vps-using-iptables-firewall.png\" alt=\"securing-your-ubuntu-based-vps-using-iptables-firewall\" width=\"320\" height=\"320\" srcset=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2014\/04\/securing-your-ubuntu-based-vps-using-iptables-firewall.png 400w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2014\/04\/securing-your-ubuntu-based-vps-using-iptables-firewall-150x150.png 150w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2014\/04\/securing-your-ubuntu-based-vps-using-iptables-firewall-300x300.png 300w\" sizes=\"(max-width: 320px) 100vw, 320px\" \/>In the following article we will show you how you can <strong>secure and protect your <a title=\"Ubuntu and Debian based virtual servers\" href=\"https:\/\/www.rosehosting.com\/managed-vps-hosting.html\" target=\"_blank\" rel=\"noopener noreferrer\">Ubuntu or Debian based virtual server<\/a> using a firewall<\/strong> application, called <a title=\"iptables\" href=\"https:\/\/www.netfilter.org\/projects\/iptables\/\" target=\"_blank\" rel=\"noopener noreferrer\">iptables<\/a>.<\/p>\n<p><strong>What is iptables?<\/strong><\/p>\n<p>It is a user space application program that allows a system administrator to configure the tables 
provided by the Linux kernel firewall (<em>implemented as different Netfilter modules<\/em>) and the chains and rules it stores.<\/p>\n<p>In order to keep down the number of attempted break-ins and to filter the ports opened on your <a title=\"Linux VPS Hosting\" href=\"https:\/\/www.rosehosting.com\/managed-vps-hosting.html\" target=\"_blank\" rel=\"noopener noreferrer\">virtual server<\/a>, it is necessary to&nbsp;properly configure your <strong>firewall<\/strong>.<\/p>\n<p><!--more--><\/p>\n<p>To make the management of your server&#8217;s firewall rules easier, we will provide a simple shell script that will help with the management of the firewall rules. Basically, whenever you need to change your firewall rules, you would use this script to add\/remove the desired rule(s).<\/p>\n<h3><strong>SET-UP FIREWALL RULES<\/strong><\/h3>\n<p>Before wrapping the rules in a script, let&#8217;s split it in sections so you can know the design of the firewall and what rules will be in place.<\/p>\n<h4><strong>FLUSH OLD RULES<\/strong><\/h4>\n<p>The firewall rules can be flushed using the following commands:<\/p>\n<pre>## iptables --flush\r\n## iptables --delete-chain\r\n## iptables --table nat --flush\r\n## iptables --table nat --delete-chain<\/pre>\n<h4><strong>DETERMINE SERVICE PORTS<\/strong><\/h4>\n<p>You have to know what services you have exposed to the public so you can set appropriate rules for them. 
One way to find what services are listening on what ports is to use the <code>netstat<\/code> or <code>ss<\/code> commands as in:<\/p>\n<pre>## netstat -tunlp\r\n\r\nor\r\n\r\n## ss -tunlp<\/pre>\n<p>for example, we are using one of our <a title=\"Ubuntu VPS Hosting\" href=\"https:\/\/www.rosehosting.com\/ubuntu-hosting.html\" target=\"_blank\" rel=\"noopener noreferrer\">Ubuntu 12.04 LTS virtual servers<\/a> and the following is the output of the <code>netstat<\/code> command:<\/p>\n<pre>## netstat -tunlp\r\nActive Internet connections (only servers)\r\nProto Recv-Q Send-Q Local Address           Foreign Address         State       PID\/Program name\r\ntcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      296\/mysqld\r\ntcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      449\/sendmail: MTA:\r\ntcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      261\/dovecot\r\ntcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      261\/dovecot\r\ntcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      590\/apache2\r\ntcp        0      0 209.135.140.77:53       0.0.0.0:*               LISTEN      353\/named\r\ntcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      353\/named\r\ntcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      173\/vsftpd\r\ntcp        0      0 0.0.0.0:5622            0.0.0.0:*               LISTEN      630\/sshd\r\ntcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      449\/sendmail: MTA:\r\ntcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      353\/named\r\ntcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      590\/apache2\r\ntcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      261\/dovecot\r\ntcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      
261\/dovecot\r\nudp        0      0 209.135.140.77:53       0.0.0.0:*                           353\/named\r\nudp        0      0 127.0.0.1:53            0.0.0.0:*                           353\/named<\/pre>\n<p>so this means that we have the following ports opened to the public:<\/p>\n<ul>\n<li>25 (smtp)<\/li>\n<li>587 (smtp submission)<\/li>\n<li>110 (pop3)<\/li>\n<li>143 (imap)<\/li>\n<li>993 (imap ssl)<\/li>\n<li>995 (pop3 ssl)<\/li>\n<li>80 (http)<\/li>\n<li>443 (https)<\/li>\n<li>53 (dns)<\/li>\n<li>21 (ftp)<\/li>\n<li>5622 (ssh)<\/li>\n<\/ul>\n<h4><strong>SET-UP DEFAULT POLICIES<\/strong><\/h4>\n<p>ok, so now we can set-up our firewall&#8217;s policies to <b>DROP<\/b> everything in the <b>INPUT<\/b> and <b>FORWARD<\/b> chains and allow traffic in the <b>OUTPUT<\/b> chain.<\/p>\n<p><i>the default table <code>filter<\/code> contains three built-in chains: <\/i><\/p>\n<ol>\n<li><em>Inbound traffic addressed to the machine itself hits the INPUT chain.<\/em><\/li>\n<li><em>Outbound, locally-generated traffic hits the OUTPUT chain.<\/em><\/li>\n<li><em>Routed traffic which should not be delivered locally hits the FORWARD chain.<\/em><\/li>\n<\/ol>\n<p><i>check <code>man 8 iptables<\/code> for more information on this<\/i><\/p>\n<p>default policies can be applied using the following commands:<\/p>\n<pre>## iptables -P INPUT DROP # &lt;- do not run this over ssh as it will lock you out\r\n## iptables -P FORWARD DROP\r\n## iptables -P OUTPUT ACCEPT<\/pre>\n<h4><strong>SET-UP FIREWALL RULES<\/strong><\/h4>\n<p>Next thing to do is to actually set-up the firewall rules for our services. 
As the default policy of the INPUT chain is DROP, we will need to white-list the services which are listening on public ports, so:<\/p>\n<p>the first thing is to enable free use of the <code>loopback interfaces<\/code>, to ensure that all new TCP sessions begin with SYN and to allow established and related packets:<\/p>\n<pre>## iptables -A INPUT -i lo -j ACCEPT\r\n## iptables -A OUTPUT -o lo -j ACCEPT\r\n## iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP\r\n## iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<\/pre>\n<p>next, let&#8217;s open our service ports by using firewall rules like:<\/p>\n<pre>### SSH\r\n## iptables -A INPUT -p tcp --dport 5622  -m state --state NEW -j ACCEPT\r\n\r\n### HTTP\r\n## iptables -A INPUT -p tcp --dport 80  -m state --state NEW -j ACCEPT\r\n\r\n### SMTP\r\n## iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT<\/pre>\n<p>and so on. Once all the services are white-listed, it is a good idea to allow ICMP echo-request (ping) packets and to LOG and DROP everything else in the INPUT chain.<\/p>\n<pre>## iptables -A INPUT -p ICMP --icmp-type 8 -j ACCEPT\r\n## iptables -A INPUT -j LOG\r\n## iptables -A INPUT -j DROP<\/pre>\n<h4><strong>SAVE\/RESTORE THE FIREWALL RULES<\/strong><\/h4>\n<p>Firewall rules are not persistent by default, which means they will be lost if you reboot your <a title=\"Linux VPS Hosting\" href=\"https:\/\/www.rosehosting.com\/managed-vps-hosting.html\" target=\"_blank\" rel=\"noopener noreferrer\">virtual server<\/a> for example. 
To save your current firewall in <code>\/etc\/fwall.rules<\/code> you would use something like:<\/p>\n<pre>## iptables-save &gt; \/etc\/fwall.rules<\/pre>\n<p>and to restore the saved rules, you would use something like:<\/p>\n<pre>## iptables-restore -c \/etc\/fwall.rules<\/pre>\n<p>to make the rules automatically restored on system start-up, you would either have to use a package named <code>iptables-persistent<\/code> or you can simply create a script in <code>\/etc\/network\/if-pre-up.d<\/code> which will load the rules saved in <code>\/etc\/fwall.rules<\/code>, for example:<\/p>\n<pre>## vim \/etc\/network\/if-pre-up.d\/iptables\r\n\r\n#!\/bin\/bash\r\ntest -e \/etc\/fwall.rules &amp;&amp; iptables-restore -c \/etc\/fwall.rules\r\n\r\n## chmod +x \/etc\/network\/if-pre-up.d\/iptables<\/pre>\n<hr>\n<h3><strong>FIREWALL SCRIPT<\/strong><\/h3>\n<p>save the script in <code>\/usr\/local\/bin\/fwall-rules<\/code> and make it executable<\/p>\n<pre>#!\/bin\/bash\r\n\r\nIPTABLES=\/sbin\/iptables\r\n\r\necho \" * flushing old rules\"\r\n${IPTABLES} --flush\r\n${IPTABLES} --delete-chain\r\n${IPTABLES} --table nat --flush\r\n${IPTABLES} --table nat --delete-chain\r\n\r\necho \" * setting default policies\"\r\n${IPTABLES} -P INPUT DROP\r\n${IPTABLES} -P FORWARD DROP\r\n${IPTABLES} -P OUTPUT ACCEPT\r\n\r\necho \" * allowing loopback devices\"\r\n${IPTABLES} -A INPUT -i lo -j ACCEPT\r\n${IPTABLES} -A OUTPUT -o lo -j ACCEPT\r\n\r\n${IPTABLES} -A INPUT -p tcp ! 
--syn -m state --state NEW -j DROP\r\n${IPTABLES} -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n\r\n## BLOCK ABUSING IPs HERE ##\r\n#echo \" * BLACKLIST\"\r\n#${IPTABLES} -A INPUT -s _ABUSIVE_IP_ -j DROP\r\n#${IPTABLES} -A INPUT -s _ABUSIVE_IP2_ -j DROP\r\n\r\necho \" * allowing ssh on port 5622\"\r\n${IPTABLES} -A INPUT -p tcp --dport 5622  -m state --state NEW -j ACCEPT\r\n\r\necho \" * allowing ftp on port 21\"\r\n${IPTABLES} -A INPUT -p tcp --dport 21  -m state --state NEW -j ACCEPT\r\n\r\necho \" * allowing dns on port 53 udp\"\r\n${IPTABLES} -A INPUT -p udp -m udp --dport 53 -j ACCEPT\r\n\r\necho \" * allowing dns on port 53 tcp\"\r\n${IPTABLES} -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT\r\n\r\necho \" * allowing http on port 80\"\r\n${IPTABLES} -A INPUT -p tcp --dport 80  -m state --state NEW -j ACCEPT\r\n\r\necho \" * allowing https on port 443\"\r\n${IPTABLES} -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT\r\n\r\necho \" * allowing smtp on port 25\"\r\n${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT\r\n\r\necho \" * allowing submission on port 587\"\r\n${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT\r\n\r\necho \" * allowing imaps on port 993\"\r\n${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT\r\n\r\necho \" * allowing pop3s on port 995\"\r\n${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT\r\n\r\necho \" * allowing imap on port 143\"\r\n${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT\r\n\r\necho \" * allowing pop3 on port 110\"\r\n${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT\r\n\r\necho \" * allowing ping responses\"\r\n${IPTABLES} -A INPUT -p ICMP --icmp-type 8 -j ACCEPT\r\n\r\n# DROP everything else and Log it\r\n${IPTABLES} -A INPUT -j LOG\r\n${IPTABLES} -A INPUT -j DROP\r\n\r\n#\r\n# Save settings\r\n#\r\necho \" * SAVING RULES\"\r\n\r\nif [[ -d 
\/etc\/network\/if-pre-up.d ]]; then\r\n    if [[ ! -f \/etc\/network\/if-pre-up.d\/iptables ]]; then\r\n        echo -e \"#!\/bin\/bash\" &gt; \/etc\/network\/if-pre-up.d\/iptables\r\n        echo -e \"test -e \/etc\/fwall.rules &amp;&amp; iptables-restore -c \/etc\/fwall.rules\" &gt;&gt; \/etc\/network\/if-pre-up.d\/iptables\r\n        chmod +x \/etc\/network\/if-pre-up.d\/iptables\r\n    fi\r\nfi\r\n\r\niptables-save &gt; \/etc\/fwall.rules\r\niptables-restore -c \/etc\/fwall.rules<\/pre>\n<pre>## chmod +x \/usr\/local\/bin\/fwall-rules<\/pre>\n<p>to activate the rules you&#8217;ve prepared in the script, just execute<\/p>\n<pre>## fwall-rules<\/pre>\n<p>from the command line. To add or remove a rule, you just need to open the script, add or remove your desired rule, save and run it again, for example:<\/p>\n<pre>## fwall-rules\r\n * flushing old rules\r\n * setting default policies\r\n * allowing loopback devices\r\n * allowing ssh on port 5622\r\n * allowing ftp on port 21\r\n * allowing dns on port 53 udp\r\n * allowing dns on port 53 tcp\r\n * allowing http on port 80\r\n * allowing https on port 443\r\n * allowing smtp on port 25\r\n * allowing submission on port 587\r\n * allowing imaps on port 993\r\n * allowing pop3s on port 995\r\n * allowing imap on port 143\r\n * allowing pop3 on port 110\r\n * allowing ping responses\r\n * SAVING RULES<\/pre>\n<hr>\n<p>Of course you don\u2019t have to do any of this if you use one of our <a title=\"Linux VPS Hosting\" href=\"https:\/\/www.rosehosting.com\/managed-vps-hosting.html\" target=\"_blank\" rel=\"noopener noreferrer\">Linux VPS hosting<\/a> services, in which case you can simply ask our expert Linux admins to do this for you. 
They are available 24\u00d77 and will take care of your request immediately.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the following article we will show you how you can secure and protect your Ubuntu or Debian based virtual &#8230; <\/p>\n<p class=\"read-more-container\"><a title=\"Securing your Ubuntu\/Debian based VPS using IPTABLES\/Netfilter firewall\" class=\"read-more button\" href=\"https:\/\/www.rosehosting.com\/blog\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\/#more-3477\" aria-label=\"Read more about Securing your Ubuntu\/Debian based VPS using IPTABLES\/Netfilter firewall\">Read More<\/a><\/p>\n","protected":false},"author":4,"featured_media":3478,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1700,1703,13],"tags":[48,147,281,59],"class_list":["post-3477","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-debian","category-security","category-tutorials","tag-debian","tag-firewall","tag-iptables","tag-ubuntu","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-33"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.5 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Securing your Ubuntu\/Debian based VPS using IPTABLES\/Netfilter firewall | RoseHosting<\/title>\n<meta name=\"description\" content=\"Securing your Ubuntu\/Debian based VPS using IPTABLES\/Netfilter firewall | RoseHosting\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/www.rosehosting.com\/blog\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing your Ubuntu\/Debian based VPS using IPTABLES\/Netfilter firewall\" \/>\n<meta property=\"og:description\" content=\"Securing your Ubuntu\/Debian based VPS using IPTABLES\/Netfilter firewall | RoseHosting\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rosehosting.com\/blog\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\/\" \/>\n<meta property=\"og:site_name\" content=\"RoseHosting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/RoseHosting\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/rosehosting.helpdesk\" \/>\n<meta property=\"article:published_time\" content=\"2014-08-07T15:41:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-19T12:38:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2014\/04\/securing-your-ubuntu-based-vps-using-iptables-firewall.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jeff Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@rosehosting\" \/>\n<meta name=\"twitter:site\" content=\"@rosehosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/\"},\"author\":{\"name\":\"Jeff Wilson\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#\\\/schema\\\/person\\\/7ce77a842fa6a9a7f8efa186f2353713\"},\"headline\":\"Securing your Ubuntu\\\/Debian based VPS using IPTABLES\\\/Netfilter firewall\",\"datePublished\":\"2014-08-07T15:41:31+00:00\",\"dateModified\":\"2022-12-19T12:38:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/\"},\"wordCount\":686,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/04\\\/securing-your-ubuntu-based-vps-using-iptables-firewall.png\",\"keywords\":[\"debian\",\"firewall\",\"iptables\",\"ubuntu\"],\"articleSection\":[\"Debian\",\"Security\",\"Tutorials\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/\",\"url\":\"https:\\\/\\\/www.rose
hosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/\",\"name\":\"Securing your Ubuntu\\\/Debian based VPS using IPTABLES\\\/Netfilter firewall | RoseHosting\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/04\\\/securing-your-ubuntu-based-vps-using-iptables-firewall.png\",\"datePublished\":\"2014-08-07T15:41:31+00:00\",\"dateModified\":\"2022-12-19T12:38:05+00:00\",\"description\":\"Securing your Ubuntu\\\/Debian based VPS using IPTABLES\\\/Netfilter firewall | RoseHosting\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntudebian-based-vps-using-iptablesnetfilter-firewall\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/04\\\/securing-your-ubuntu-based-vps-using-iptables-firewall.png\",\"contentUrl\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/04\\\/securing-your-ubuntu-based-vps-using-iptables-firewall.png\",\"width\":400,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/securing-your-ubuntud
ebian-based-vps-using-iptablesnetfilter-firewall\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing your Ubuntu\\\/Debian based VPS using IPTABLES\\\/Netfilter firewall\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/\",\"name\":\"RoseHosting.com\",\"description\":\"Premium Linux Tutorials Since 2001\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#organization\",\"name\":\"RoseHosting\",\"url\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/android-chrome-192x192-1.png\",\"contentUrl\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/android-chrome-192x192-1.png\",\"width\":192,\"height\":192,\"caption\":\"RoseHosting\"},\"image\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/RoseHosting\",\"https:\\\/\\\/x.com\\\/rosehosting\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/rosehosting\\\/\"],\"description\":\"RoseHosting is a leading Linux hosting provider, serving thousands of clients world-wide 
since 2001.\",\"email\":\"info@rosehosting.com\",\"telephone\":\"(314) 275-0414\",\"legalName\":\"Rose Web Services LLC\",\"foundingDate\":\"2001-04-02\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#\\\/schema\\\/person\\\/7ce77a842fa6a9a7f8efa186f2353713\",\"name\":\"Jeff Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0985fed6af04cc60703d2ecf27c65dfa373e0ca00eb21c0b03477e099ea3f99f?s=96&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0985fed6af04cc60703d2ecf27c65dfa373e0ca00eb21c0b03477e099ea3f99f?s=96&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0985fed6af04cc60703d2ecf27c65dfa373e0ca00eb21c0b03477e099ea3f99f?s=96&r=g\",\"caption\":\"Jeff Wilson\"},\"description\":\"An experienced Linux veteran with many years of experience. Helping other Linux admins with frequent Linux and business-related blog posts on the RoseHosting blog. Techie by choice. Loving nature and travel. Happily married and father of two lovely children.\",\"sameAs\":[\"https:\\\/\\\/www.rosehosting.com\",\"https:\\\/\\\/www.facebook.com\\\/rosehosting.helpdesk\"],\"url\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/author\\\/jwilson\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/3477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/comments?post=3477"}],"version-history":[{"count":4,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/3477\/revisions"}],"predecessor-version":[{"id":44404,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/3477\/revisions\/44404"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/media\/3478"}],"wp:attachment":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/media?parent=3477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/categories?p
ost=3477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/tags?post=3477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}