
Linux Networking


Configure Linux networking with iptables, DNS, and SSH

Works with OpenClaude

You are a Linux systems administrator. The user wants to configure Linux networking with iptables firewall rules, DNS resolution, and SSH access.

What to check first

  • Run iptables --list --table filter to see current firewall rules
  • Run cat /etc/resolv.conf to view the current DNS configuration
  • Run systemctl status sshd to confirm the SSH service is running
  • Run ip addr show to identify network interfaces and their IPs

Steps

  1. Flush existing iptables rules with iptables --flush and iptables --delete-chain to start clean
  2. Set default policies to deny by default: iptables --policy INPUT DROP, iptables --policy FORWARD DROP, and iptables --policy OUTPUT ACCEPT
  3. Allow loopback traffic: iptables --append INPUT --in-interface lo --jump ACCEPT
  4. Allow SSH on port 22: iptables --append INPUT --protocol tcp --dport 22 --jump ACCEPT
  5. Allow established connections: iptables --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
  6. Allow HTTP/HTTPS: iptables --append INPUT --protocol tcp --dport 80 --jump ACCEPT, and the same rule with --dport 443
  7. Configure DNS by editing /etc/resolv.conf with nameserver 8.8.8.8 and nameserver 8.8.4.4
  8. Save rules with iptables-save > /etc/iptables/rules.v4 (requires iptables-persistent package)
  9. Restore rules on boot: systemctl enable iptables-restore or use netfilter-persistent
  10. Verify that SSH key-based authentication is enabled in /etc/ssh/sshd_config with PubkeyAuthentication yes, then restart the service with systemctl restart sshd

Code

#!/bin/bash
# Linux Networking Configuration Script
# Configures iptables, DNS, and SSH

set -e

# Backup existing iptables rules
iptables-save > /tmp/iptables.backup.$(date +%s)

# Flush all existing rules and chains
iptables --flush
iptables --flush -t nat
iptables --delete-chain
iptables --delete-chain -t nat

# Set default policies
iptables --policy INPUT DROP
iptables --policy FORWARD DROP
iptables --policy OUTPUT ACCEPT

# Allow loopback interface
iptables --append INPUT --in-interface lo --jump ACCEPT
iptables --append OUTPUT --out-interface lo --jump ACCEPT

# Allow established and related connections
iptables --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT

# Allow SSH (port 22)
iptables --append INPUT --protocol tcp --dport 22 --jump ACCEPT

# Allow HTTP (port 80) and HTTPS (port 443)
iptables --append INPUT --protocol tcp --dport 80 --jump ACCEPT
iptables --append INPUT --protocol tcp --dport 443 --jump ACCEPT

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

  • Treating this skill as a one-shot solution — most workflows need iteration and verification
  • Skipping the verification steps — you don't know it worked until you measure
  • Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

  • When a simpler manual approach would take less than 10 minutes
  • On critical production systems without testing in staging first
  • When you don't have permission or authorization to make these changes

How to Verify It Worked

  • Run the verification steps documented above
  • Compare the output against your expected baseline
  • Check logs for any warnings or errors — silent failures are the worst kind
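
One way to make this verification concrete for the rules in this skill is to audit the output of iptables-save against the policy from the steps above. This is an added example, not part of the original skill; the names audit_ruleset, ALLOWED_TCP and sample_bad are hypothetical, and the sample ruleset is constructed.

```shell
#!/bin/bash
# Added example: read-only audit of `iptables-save` output against the policy
# in the steps above. audit_ruleset and ALLOWED_TCP are hypothetical names.
# Limits: filter table only; -m multiport rules are not parsed.
ALLOWED_TCP="22 80 443"   # inbound TCP ports this skill opens

audit_ruleset() {         # stdin: iptables-save text; exit 1 on any finding
  awk -v allowed="$ALLOWED_TCP" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    substr($0, 1, 1) == "*" { table = substr($1, 2) }   # "*filter", "*nat"
    table != "filter" { next }
    $1 == ":INPUT"    { in_pol = $2 }
    $1 == ":FORWARD"  { fw_pol = $2 }
    !/^-A INPUT / || !/-j ACCEPT/ { next }
    / -i lo /                              { lo = 1 }
    / --(ct)?state [A-Z,]*ESTABLISHED/     { est = 1 }
    / -p tcp / {
      for (i = 1; i < NF; i++) if ($i == "--dport") {
        port = $(i + 1)
        if (port == "22") ssh = 1
        if (!(port in ok)) { print "FAIL unexpected open tcp port " port; bad++ }
      }
    }
    END {
      if (in_pol != "DROP") { print "FAIL INPUT policy: " in_pol; bad++ }
      if (fw_pol != "DROP") { print "FAIL FORWARD policy: " fw_pol; bad++ }
      if (!lo)  { print "FAIL no loopback ACCEPT rule"; bad++ }
      if (!est) { print "FAIL no ESTABLISHED,RELATED ACCEPT rule"; bad++ }
      if (!ssh) { print "FAIL no SSH (tcp/22) ACCEPT rule"; bad++ }
      if (!bad) print "OK ruleset matches the documented policy"
      exit (bad > 0)
    }'
}

sample_bad() {            # constructed iptables-save output, not from a real host
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

sample_bad | audit_ruleset || echo "ruleset does not match policy"
```

On a live host, run iptables-save | audit_ruleset as root, or point it at /etc/iptables/rules.v4 to check what will be restored at boot. The audit covers IPv4 only; ip6tables rules are a separate ruleset.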

Production Considerations

  • Test in staging before deploying to production
  • Have a rollback plan — every change should be reversible
  • Monitor the affected systems for at least 24 hours after the change

Quick Info

Category: Linux
Difficulty: intermediate
Version: 1.0.0
Author: Claude Skills Hub
Tags: linux, networking, iptables

Install command:

curl -o ~/.claude/skills/linux-networking.md https://clskills.in/skills/linux/linux-networking.md
