How To Secure Server Firewall Hardening | Make Your Server Strict!

To secure your server, you need a well-configured firewall.

Instead of blocking the traffic you do not want, block everything and only allow the traffic you do want. This is called whitelisting (a default-deny policy).

Warning: Be careful with your configuration, as you may lock yourself out of your server if it is not done correctly.
Do not run the commands one after another in an interactive session. Put them in a shell script and run that instead; otherwise you will be locked out before you can finish the firewall configuration.

First of all, block all traffic using iptables.

Code:

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

If you left your iptables configuration like that, your server would be secure, but you would not be able to access it yourself either, so we have to add exceptions.
We assume SSH is running on port 37282.

For you to be able to use SSH, you have to add an iptables rule that allows traffic on that specific port (the loopback interface is allowed as well, since local services rely on it).

Code:

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 37282 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p tcp --sport 37282 -m state --state ESTABLISHED -j ACCEPT

To further harden the system, you could allow access to the SSH port from one specified IP only.

Port knocking would be another step: the port stays closed until a single IP has connected to a specific set of ports in a specific order, and only then is the SSH port opened for that IP.
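The steps above as one script, added here as an example and not the original post's code: it builds the whole whitelist (the three DROP policies, the loopback rules and the SSH exception on port 37282) as a single ruleset and loads it with iptables-restore, which applies the file in one transaction, so the lockout-between-commands problem the warning describes cannot occur. The optional ALLOWED_IP parameter (an assumption added here) implements the single-IP restriction; port knocking is not included.

```shell
#!/bin/sh
# Added example, not the post's own commands. Builds the post's whitelist
# ruleset in iptables-restore format so it is applied atomically.
# Assumptions: SSH on port 37282 (from the post); ALLOWED_IP is an optional,
# constructed parameter that limits SSH to one source address.

gen_rules() {
    ssh_port="$1"
    allowed_ip="$2"
    src=""
    # Only add a source match when a single admin IP was given
    if [ -n "$allowed_ip" ]; then
        src="-s $allowed_ip "
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT ${src}-p tcp -m tcp --dport $ssh_port -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp --sport $ssh_port -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Sanity check before applying: number of ACCEPT rules in a ruleset on stdin
count_accepts() {
    grep -c -- '-j ACCEPT'
}

# Loads the ruleset in one transaction; a parse error changes nothing,
# so a typo cannot leave the firewall half-applied (needs root).
apply_rules() {
    gen_rules "$1" "$2" | iptables-restore
}

# Dry run: print the ruleset instead of applying it (no root needed).
#   sh firewall.sh --print 37282 [ALLOWED_IP]
if [ "${1:-}" = "--print" ]; then
    gen_rules "${2:-37282}" "${3:-}"
fi
```

Review the output of the dry run first, then call apply_rules as root from the same shell script. Two caveats a practitioner should keep in mind: an OUTPUT DROP policy also blocks the server's own outbound connections (DNS lookups, package updates), so those need their own exceptions, and iptables rules loaded this way are not persistent across a reboot unless saved with the distribution's iptables-persistent mechanism.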

Enjoy!
