In this episode I talk about how to build a cheap hosted Mutillidae server to safely hack away on while keeping other Internet prowlers out. Here are the basic commands to run to lock down the Digital Ocean droplet’s iptables firewall:
Flush existing rules
sudo iptables -F
Allow all concurrent connections
sudo iptables -A INPUT -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT
Allow specific IPs/hosts to access port 80
sudo iptables -A INPUT -p tcp -s F.Q.D.N –dport 80 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
Allow specific IPs/hosts to access port 22
sudo iptables -A INPUT -p tcp -s F.Q.D.N –dport 22 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
Block all other traffic:
sudo iptables -P INPUT DROP
Provide the VPS loopback access:
sudo iptables -I INPUT 1 -i lo -j ACCEPT
Install iptables-persistent to ensure rules survive a reboot:
sudo apt-get install iptables-persistent
Start iptables-persistent service
sudo service iptables-persistent start
If you make iptables changes after this and they don’t seem to stick, do this:
sudo iptables-save > /etc/iptables/rules.v4
See this Digital Ocean article for more information.
Share on socials: