Notes from Heck

Secure Arch Linux for a Public Server

Based on the following articles:

  1. https://wiki.archlinux.org/index.php/SimpleStatefulFirewall
  2. http://0v.org/installing-ghost-on-ubuntu-nginx-and-mysql/

net.ipv4.conf.default.rp_filter is set to 1 by default on Arch Linux systems. Check if it is so on your system by running:

sysctl net.ipv4.conf.default.rp_filter  

If it is 0, then add net.ipv4.conf.default.rp_filter=1 to 90-firewall.conf

Restart/Reload your firewall service after these changes:

# systemctl [reload|restart] iptables

Load the new kernel parameters:

# sysctl --system

Note for non-Arch users: If your distro relies on a single /etc/sysctl.conf file, then merge the contents of 90-firewall.conf into that file.

Author image
Bangalore, India Upwork Profile
I’m a developer, a hobbyist biker, and a Linux enthusiast. When not riding into the sunset, and not being a general nuisance, I like to experiment with new systems and concepts in technology.