
pi.ilpiola.it: The site about Raspberry Pi and Roberto Piola


iptables: open and secure access to your Raspberry Pi

If you want to access your Pi remotely, but with some security, you will have to manage the Linux firewall, iptables.

Actually, you can also disable iptables (by default it is disabled in Raspbian, while in Raspbmc it allows access from the local LAN only) and place another firewall in front of the Pi, but this is unnecessary.

Most ADSL routers will allow you to forward ports (80 for web, 22 for ssh, etc.) from the outside to the Pi, but some do not let you select the source. I wanted to enable access to my Pi only from my office, so:

raspbmc

As stated, iptables is enabled by default in Raspbmc, and it is called from the file /etc/network/if-up.d/secure-rmc. At the end of the file, there is the iptables configuration:
    iptables -A INPUT -s $NETMASK -i $IFACE -j ACCEPT
    iptables -A INPUT -i $IFACE -j DROP
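Insert your custom rules above these two lines and reboot. iptables checks the rules in order and stops at the first match, so anything added below the DROP line would never apply. (Here, I assumed that 1.2.3.0 is the IP subnet of my office.)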
    # open any protocol from my office
    iptables -A INPUT -s 1.2.3.0/24 -i $IFACE -j ACCEPT
    # open amule from the world
    iptables -A INPUT -m tcp -p tcp --dport 4662 -i $IFACE -j ACCEPT
    iptables -A INPUT -m udp -p udp --dport 4665 -i $IFACE -j ACCEPT
    # default rule: allow everything from the local lan, refuse everything else
    iptables -A INPUT -s $NETMASK -i $IFACE -j ACCEPT
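
Because the INPUT chain is evaluated top to bottom, a rule appended below the catch-all DROP never takes effect. The check below is an added example, not part of the original page: it reads a script such as secure-rmc on standard input and reports `iptables -A INPUT` rules placed after an unrestricted DROP. The function names and the two sample rule sets are constructed for illustration.

```sh
#!/bin/sh
# Added example: report INPUT rules that follow the catch-all DROP and so can
# never match. Function names and sample rule sets are constructed.

# Reads a firewall script on stdin; prints "LINE: RULE" for each shadowed rule
# and returns 1 if any is found, 0 otherwise.
find_shadowed_rules() {
    awk '
        $1 == "iptables" && $2 == "-A" && $3 == "INPUT" {
            target = ""; restricted = 0
            for (i = 4; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                # any source, protocol or port match narrows the rule
                if ($i == "-s" || $i == "-p" || $i == "-m" || $i == "--dport")
                    restricted = 1
            }
            if (dropped) {
                line = $0; sub(/^[ \t]+/, "", line)
                print NR ": " line; bad = 1
            }
            if (target == "DROP" && !restricted) dropped = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: custom rules placed above the default rules.
good_rules() {
cat <<'EOF'
# open any protocol from my office
iptables -A INPUT -s 1.2.3.0/24 -i $IFACE -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 4662 -i $IFACE -j ACCEPT
iptables -A INPUT -s $NETMASK -i $IFACE -j ACCEPT
iptables -A INPUT -i $IFACE -j DROP
EOF
}

# Constructed sample: the office rule was appended after the DROP.
bad_rules() {
cat <<'EOF'
iptables -A INPUT -s $NETMASK -i $IFACE -j ACCEPT
iptables -A INPUT -i $IFACE -j DROP
iptables -A INPUT -s 1.2.3.0/24 -i $IFACE -j ACCEPT
EOF
}

bad_rules | find_shadowed_rules || echo "move these rules above the DROP line"
```

To check the real file, run `find_shadowed_rules < /etc/network/if-up.d/secure-rmc` after editing it.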

you can write me at roberto@ilpiola.it