Secure Arch Linux for a Public Server

Based on the following articles:

  1. https://wiki.archlinux.org/index.php/Simple_Stateful_Firewall
  2. http://0v.org/installing-ghost-on-ubuntu-nginx-and-mysql/

net.ipv4.conf.default.rp_filter is set to 1 by default on Arch Linux systems. Check whether that is the case on your system by running:

sysctl net.ipv4.conf.default.rp_filter

If it is 0, add net.ipv4.conf.default.rp_filter=1 to 90-firewall.conf.

Restart/Reload your firewall service after these changes:

# systemctl [reload|restart] iptables

Load the new kernel parameters:

# sysctl --system

Note for non-Arch users: If your distro relies on a single /etc/sysctl.conf file, then merge the contents of 90-firewall.conf into that file.
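
An added example, not part of the original article: once the parameters are loaded, this shell function reports the rp_filter value the kernel actually applies to each existing interface. The kernel uses the higher of conf.all and conf.<interface>, and conf.default only seeds interfaces created later. The helper name rp_filter_audit and the sample sysctl lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Per interface the kernel applies max(conf.all.rp_filter, conf.<iface>.rp_filter);
# conf.default only seeds interfaces created after it is set.
# 0 = no source validation, 1 = strict, 2 = loose.

# rp_filter_audit (hypothetical helper): reads `sysctl -a`-style lines on stdin
# and prints "<iface> <effective value> <mode>" for every existing interface.
rp_filter_audit() {
    awk -F'[ \t]*=[ \t]*' '
        /^net\.ipv4\.conf\..*\.rp_filter[ \t=]/ {
            name = $1; val = $2 + 0
            sub(/^net\.ipv4\.conf\./, "", name)
            sub(/\.rp_filter$/, "", name)
            if (name == "all") all = val
            else if (name != "default") iface[name] = val
        }
        END {
            for (i in iface) {
                eff = (iface[i] > all) ? iface[i] : all
                mode = (eff == 1) ? "strict" : ((eff == 2) ? "loose" : "off")
                print i, eff, mode
            }
        }' | sort
}

# Constructed sample input: default is 1, but eth0 already existed with 0,
# so it is still unfiltered. The arp_filter line must be ignored.
SAMPLE='net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.wg0.rp_filter = 2'

printf '%s\n' "$SAMPLE" | rp_filter_audit
# On a live system: sysctl -a 2>/dev/null | rp_filter_audit
```

Any interface reported as off still accepts packets without source validation even though the default is 1.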