iptables on Debian
I recently decided to switch over to Debian for some websites, making it another distro on my list after Alma, Rocky and FreeBSD.
I chose iptables because I keep my generic rules for all my machines in a repo.
Here is how to make iptables work on Debian. First, update the apt package index and install iptables-persistent, which makes the rules permanent:
apt update && apt install iptables-persistent
Once it's installed, it starts automatically without any default rules. This is unlike Rocky/Alma, which come with default rules that enable port 22 (ssh).
Here are rules you can use as a starting point in /etc/iptables/rules.v4:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
## Free flow for VPN IP
-A INPUT -p tcp -m state --state NEW -s x.x.x.x/32 -m tcp -j ACCEPT
## Only allow 80, 443 and 22 (ssh)
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Those are the same iptables rules for IPv4. Restart the service:
# systemctl restart iptables
That’s the basic setup of iptables on Debian with persistent rules.
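Because the chain policies above are ACCEPT, the ruleset only filters anything while the final REJECT rule is present. The following check is an added example, not part of the original post: it reads a rules.v4-style file, lists which TCP ports are accepted and from where, and reports whether unmatched INPUT traffic is denied. The function names and the sample address 203.0.113.10 (standing in for x.x.x.x) are assumptions, and it assumes the file holds only the filter table.

```python
import shlex

# Constructed sample mirroring the ruleset above; 203.0.113.10 is a
# documentation address standing in for the x.x.x.x VPN IP.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
## Free flow for VPN IP
-A INPUT -p tcp -m state --state NEW -s 203.0.113.10/32 -m tcp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def opt(tokens, flag):
    """Value following `flag` in a rule, or None when the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit_input(text):
    """Return (exposed, closed): TCP ACCEPT rules as (dport, source) pairs,
    and whether unmatched INPUT traffic ends up dropped or rejected."""
    exposed, closed = [], False
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # '#' lines become []
        if tokens[:2] == [":INPUT", "DROP"]:
            closed = True                          # chain policy already denies
        if tokens[:2] != ["-A", "INPUT"]:
            continue
        rule = tokens[2:]
        target = opt(rule, "-j")
        if rule[:1] == ["-j"] and target in ("DROP", "REJECT"):
            closed = True                          # unconditional catch-all rule
            break                                  # later rules are unreachable
        if target == "ACCEPT" and opt(rule, "-p") == "tcp":
            exposed.append((opt(rule, "--dport") or "all", opt(rule, "-s") or "any"))
    return exposed, closed

if __name__ == "__main__":
    exposed, closed = audit_input(SAMPLE)
    for port, src in exposed:
        print(f"tcp/{port} open to {src}")
    print("INPUT chain closed:", closed)
```

To run it against the live file, pass the contents of /etc/iptables/rules.v4 to audit_input() instead of SAMPLE.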