In Linux the most basic way of protecting you machine is with iptables. Iptables is a firewall that comes preinstalled and configured on MOST Linux distros. I say most because Arch does not preinstall it since that would conflict with their bare-bones design.
iptables -P INPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp –dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -L -v
service iptables save
NOTE: service iptables save will only work for CentOS and Fedora.
Here is what the code is doing… First it is flushing the current iptables erasing everything in it. The next thing we are saying is to allow all input, this is only temporary but allows you to keep your connection if you are setting the iptables remotely. The following iptable rule is to allow anything going to the localhost eth adapter to not be blocked. The next thing we are going to do is to allow through any connections which have already be established or are related. Without this we would not be able to get anything back from the network. After that I have opened up port 22 (SSH), you can open more ports by retyping the command and change the protocol and port number. The next step is to drop anything else which is coming in. We are then dropping any requests to forward traffic and allowing everything out. The following line is just displaying the iptables so you can review them, and the final line saves the tables if you are using Fedora or CentOS. You can copy and paste the code and it will run the commands for you leaving you sitting on the last line to review the settings before saving.