In this episode I talk about how to build a cheap hosted Mutillidae server to safely hack away on while keeping other Internet prowlers out. Here are the basic commands to run to lock down the Digital Ocean droplet’s iptables firewall:

Flush existing rules
sudo iptables -F

Allow established and related connections (replies to traffic the server itself initiated, and packets belonging to connections already accepted by the rules below)
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Allow a specific IP/host to access port 80 (replace F.Q.D.N with your own address; a hostname is resolved to its IP when the rule is inserted, not on every packet)
sudo iptables -A INPUT -p tcp -s F.Q.D.N --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Allow the same IP/host to access port 22 (this rule must be in place before the DROP policy below, or your SSH session to the droplet is cut off)
sudo iptables -A INPUT -p tcp -s F.Q.D.N --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Block all other traffic:
sudo iptables -P INPUT DROP

Allow the VPS loopback traffic (inserted at position 1 so local services can keep talking to each other under the DROP policy):
sudo iptables -I INPUT 1 -i lo -j ACCEPT

Install iptables-persistent to ensure rules survive a reboot:
sudo apt-get install iptables-persistent

Start iptables-persistent service
sudo service iptables-persistent start

If you make iptables changes after this and they don’t seem to stick, do this:
sudo iptables-save > /etc/iptables/rules.v4
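The steps above build the firewall one rule at a time over SSH, which works as long as the port 22 rule lands before the DROP policy. The script below is an added example, not code from the post or from Digital Ocean: it writes the same rule set in the iptables-save format that /etc/iptables/rules.v4 uses, so the whole policy can be loaded atomically with iptables-restore, and it refuses a hostname in place of an address because iptables resolves a name only when the rule is loaded (at boot, possibly before DNS is reachable). The function names, the check_rules sanity checks, the FORWARD DROP policy and the documentation address 203.0.113.5 are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original post: build the post's rule set as an
# iptables-restore file so the whole policy (including the DROP default) is
# loaded in one atomic step instead of one `iptables -A` at a time.
# Function names and the rules-file layout are this example's own choices.

# is_ipv4 ADDR -> succeeds only for a dotted-quad IPv4 address.
# The post's rules use -s F.Q.D.N; a hostname is resolved only when the rule
# is loaded, and at boot the rules may be restored before DNS is reachable,
# so the persistent file should hold the resolved address, not the name.
is_ipv4() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules ADMIN_IP -> prints an iptables-save formatted filter table that
# admits SSH and HTTP only from ADMIN_IP and drops everything else inbound.
gen_rules() {
    admin_ip=$1
    if ! is_ipv4 "$admin_ip"; then
        echo "gen_rules: expected an IPv4 address, got '$admin_ip'" >&2
        return 1
    fi
    # Policies are part of the file, so INPUT DROP takes effect together with
    # the ACCEPT rules below; there is no window where SSH is unreachable.
    # FORWARD DROP is this example's choice (the post only sets INPUT).
    # ESTABLISHED is matched once by the conntrack rule, so the per-port
    # rules only need to admit NEW connections.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $admin_ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -s $admin_ip --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# check_rules  (reads a rules file from stdin) -> sanity checks before
# loading: default INPUT policy is DROP, the loopback accept is the first
# INPUT rule, and an SSH allow rule exists so loading it cannot lock you out.
check_rules() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -- '^-A INPUT' | head -n 1 \
        | grep -q -- '-i lo -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q -- '--dport 22 .* -j ACCEPT' || return 1
    return 0
}

# Usage: sh mkrules.sh 203.0.113.5 > /etc/iptables/rules.v4
# (203.0.113.5 is a documentation address standing in for your own IP.)
if [ $# -eq 1 ]; then
    if ! gen_rules "$1" | check_rules; then
        echo "generated rules failed the sanity checks" >&2
        exit 1
    fi
    gen_rules "$1"
fi
```

Once the file is written, `iptables-restore < /etc/iptables/rules.v4` replaces the running policy in one step, which is also what iptables-persistent does at boot; the `iptables-apply` wrapper from the iptables package loads a rules file and rolls it back unless you confirm within a timeout, which is the safer way to try a new policy over the same SSH session the policy is meant to protect.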

See this Digital Ocean article for more information.

Written by: Brian Johnson
