====== iptables ======

  * [[Firewall]]
  * [[Security]]
  * [[ufw]]


== Firewall testing ==

Make a cron job run every five minutes that resets the firewall so you can prevent yourself from getting locked out while testing any changes.

Here is a new cronjob entry:

<code>
*/5 * * * * /etc/init.d/iptables restart
</code>

== Block an external IP address ==

<code>iptables -A INPUT -s <IP-ADDRESS> -j DROP</code>

== Postfix ==

Port 25 only needs to be open if you are accepting incoming mail.

=== Accept LAN Traffic ===

Open all ports to a subnet

<code>
iptables -A INPUT -p tcp -s 192.168.12.0/24 -j ACCEPT
</code>