Firewall a Pristine Ubuntu 8.04 Box
Here's a quick recipe to lock down a fresh Ubuntu 8.04 install. These rules block everything except SSH, giving you a solid baseline to build on.
```bash
sudo apt-get install iptables
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
sudo iptables -A INPUT -j DROP
sudo sh -c "iptables-save -c > /etc/iptables.rules"
```
To persist your rules across reboots -- loading them on startup and saving them on shutdown -- add `pre-up` and `post-down` hooks to the stanza for your network interface in `/etc/network/interfaces`:
```
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-save -c > /etc/iptables.rules
```
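From here, punch additional holes as you need them. Because the chain ends in a catch-all `DROP`, insert new rules ahead of it with `-I` rather than appending them with `-A`; a rule that lands after the `DROP` never matches. That's it -- simple, effective, and a sensible first step for any new server.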
If you're hosted at [Xeriom Networks](http://xeriom.net/) and want to be monitored by the [monitoring service](http://wiki.xeriom.net/w/XeriomAlertService), allow ICMP Type 8 (ping) from `monitor.xeriom.net`. Inserting at position 4 places the rule just before the final `DROP`:
```bash
sudo iptables -I INPUT 4 -s 193.219.108.245 -p icmp -m icmp --icmp-type 8 -j ACCEPT
```
Don't forget to save the updated rules:
```bash
sudo sh -c "iptables-save -c > /etc/iptables.rules"
```
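Rule order decides what this firewall actually allows, so it is worth checking the saved file before relying on it at boot. The script below is an added example, not part of the original recipe: it reads an `iptables-save` dump and reports any `INPUT` rule that sits after the catch-all `DROP`, and confirms SSH is accepted before it. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for INPUT rules that follow the
# catch-all DROP (they can never match) and for a reachable SSH accept rule.

# Constructed sample in "iptables-save -c" format (counters in brackets).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[10:800] -A INPUT -i lo -j ACCEPT
[250:31000] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[42:2520] -A INPUT -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Print every INPUT rule that follows an unconditional "-A INPUT -j DROP".
dead_input_rules() {
    sed 's/^\[[0-9]*:[0-9]*\] //' | awk '
        /^-A INPUT / {
            if (dropped) print
            else if ($0 == "-A INPUT -j DROP") dropped = 1
        }'
}

# Succeed only if a TCP port 22 ACCEPT appears before the catch-all DROP.
ssh_before_drop() {
    sed 's/^\[[0-9]*:[0-9]*\] //' | awk '
        /^-A INPUT / {
            if ($0 == "-A INPUT -j DROP") exit
            if ($0 ~ /-p tcp/ && $0 ~ /--dport (22|ssh)( |$)/ && $0 ~ /-j ACCEPT$/) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# Demo on the constructed sample: prints the unreachable port 80 rule.
sample_rules | dead_input_rules
```

To audit the real file, feed it in instead of the sample: `dead_input_rules < /etc/iptables.rules`.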
Questions or thoughts? Get in touch.