Mastering Linux Security and Hardening

Hands-on lab for basic iptables usage

You'll complete this lab on your Ubuntu virtual machine. Follow these steps to get started:

  1. Shut down your Ubuntu virtual machine and create a snapshot, so that you can roll back if you lock yourself out. After you boot it back up, look at your iptables rules, or lack thereof, by using the following command:
sudo iptables -L
  2. Create the rules that you need for a basic firewall, allowing Secure Shell access, DNS queries and zone transfers (UDP and TCP port 53), and the proper types of ICMP (destination unreachable, time exceeded, and parameter problem, which are types 3, 11, and 12). Deny everything else. The first rule accepts packets that belong to connections this machine has already established, and the last rule drops whatever none of the rules above it has matched:
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -m conntrack -p icmp --icmp-type 3 --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -m conntrack -p icmp --icmp-type 11 --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -m conntrack -p icmp --icmp-type 12 --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -j DROP
  3. View the results by using the following command:
sudo iptables -L
  4. Oops – it looks like you forgot about that loopback interface. Without a rule for it, local services that talk to each other over 127.0.0.1 hit the DROP rule too. Rules are matched from the top down and the first match wins, so insert it at position 1 rather than appending it below the DROP:
sudo iptables -I INPUT 1 -i lo -j ACCEPT
  5. View the results by using the following two commands. Note the difference between the output of each: only the verbose form shows the interface a rule applies to (lo) and the per-rule packet and byte counters. Adding -n to either command skips the reverse DNS lookups that can make the listing slow:
sudo iptables -L
sudo iptables -L -v
  6. Rules loaded with the iptables command live only in kernel memory and are gone after a reboot. Install the iptables-persistent package and choose to save the IPv4 and IPv6 rules when prompted; it writes them to /etc/iptables/rules.v4 and /etc/iptables/rules.v6 and reloads them at boot. Note that everything you have done so far applies to IPv4 only: IPv6 is filtered by the separate ip6tables command, whose rule set is still empty at this point:
sudo apt install iptables-persistent
  7. Reboot the virtual machine and verify that your rules are still active.
  8. Keep this virtual machine; you'll be adding more to it in the next hands-on lab.
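The same firewall, as an added example that is not from the book: the steps above written as an iptables-restore(8) file, which is the format iptables-persistent saves to /etc/iptables/rules.v4, plus a guard that refuses to load any ruleset whose loopback or SSH ACCEPT rule is missing or sits below the catch-all DROP. It goes slightly beyond the lab in that iptables-restore replaces the whole filter table in one transaction, so there is never a moment where the DROP rule is in place and the ACCEPT rules are not. The file name lab-firewall.sh and the functions lab_ruleset, rule_line, check_order and apply_ruleset are my own names; --dport 22 is how iptables-save renders the book's --dport ssh.

```shell
#!/bin/sh
# lab-firewall.sh (added example, not from the book). Function names are
# hypothetical. Assumes a Debian/Ubuntu host with iptables-restore installed.
set -eu

# Emit the lab's ruleset in iptables-restore format. The loopback rule is
# first and the catch-all DROP last, exactly as the lab ends up after the
# loopback fix. Chain policies stay ACCEPT, so a later "iptables -F" leaves
# the box reachable instead of silently unreachable.
lab_ruleset() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p icmp --icmp-type 3 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type 11 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type 12 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Print the line number of the first line in $1 containing the fixed
# string $2, or nothing if it does not occur (never fails under set -e).
rule_line() {
  printf '%s\n' "$1" | grep -n -F -- "$2" | head -n 1 | cut -d: -f1 || true
}

# Lock-out guard. iptables matches top-down and the first match wins, so an
# ACCEPT for loopback or SSH below "-A INPUT -j DROP" is dead. Returns 0
# when both ACCEPTs exist and precede the DROP, 1 otherwise.
check_order() {
  local rules="$1" drop lo ssh
  drop=$(rule_line "$rules" '-A INPUT -j DROP')
  lo=$(rule_line "$rules" '-A INPUT -i lo -j ACCEPT')
  ssh=$(rule_line "$rules" '--dport 22 -j ACCEPT')
  [ -n "$drop" ] && [ -n "$lo" ] && [ -n "$ssh" ] || return 1
  [ "$lo" -lt "$drop" ] && [ "$ssh" -lt "$drop" ]
}

# Load the table atomically. iptables-restore (without --noflush) replaces
# the filter table in one step, so the ACCEPT rules and the DROP land
# together; re-running it is idempotent, unlike repeated "iptables -A".
apply_ruleset() {
  local rules
  rules=$(lab_ruleset)
  check_order "$rules" || {
    echo "refusing to apply: loopback/SSH ACCEPT missing or below DROP" >&2
    return 1
  }
  printf '%s\n' "$rules" | sudo iptables-restore
}
```

Source the file and call the apply function (`. ./lab-firewall.sh && apply_ruleset`); check_order runs first and returns non-zero instead of loading a ruleset that would lock you out. The same text that lab_ruleset prints can be written to /etc/iptables/rules.v4 for iptables-persistent to load at boot.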

 

That's the end of this lab—congratulations!