I will give an example of IPTables rules for BGP.
Assume the default policies are as follows (ports for SSH and anything else you need are assumed to be opened separately):
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
Since BGP uses TCP port 179, it must be opened for the neighbors with which the session is established, for example:
iptables -A INPUT -p tcp -s 192.168.5.5 --dport 179 -i eth1 -j ACCEPT
The zebra telnet interface usually listens on port 2601, and the quagga bgpd one on port 2605, so let's open them for localhost:
iptables -A INPUT -s 127.0.0.1 -p tcp --dport 2601 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -p tcp --dport 2605 -j ACCEPT
Or open all the ports for localhost:
iptables -A INPUT -i lo -j ACCEPT
If the rule below is added to iptables, port 179 does not have to be opened explicitly, since the session will be established over an outgoing connection (but in that case conntrack is used, which is usually not needed on a border router):
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
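To see how these rule sets differ, here is an added example (not part of the original post) that models the INPUT chain as a first-match list with a DROP policy and runs a few constructed packets through the three variants: the explicit neighbor rule only, the conntrack rule only, and both together. The neighbor 192.168.5.5 and interface eth1 are taken from the rules above; the stranger address 203.0.113.9 and the ephemeral port 45123 are constructed sample values. It shows that the explicit rule alone only admits a session the neighbor initiates, the conntrack rule alone only admits a session this router initiates, and combining the two covers both directions.

```python
"""First-match evaluator for the INPUT rules from the post (added example, not from the post)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Rule:
    """One INPUT rule; a criterion left as None is unspecified and matches anything."""
    target: str
    proto: Optional[str] = None
    src: Optional[str] = None
    dport: Optional[int] = None
    in_iface: Optional[str] = None
    ctstate: FrozenSet[str] = frozenset()  # empty means no -m conntrack match


@dataclass(frozen=True)
class Packet:
    """Constructed inbound packet as the INPUT chain would see it."""
    proto: str
    src: str
    dport: int
    in_iface: str
    ctstate: str  # NEW, ESTABLISHED, RELATED or INVALID


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every criterion given on the rule must hold, as with iptables matches."""
    return (
        (rule.proto is None or rule.proto == pkt.proto)
        and (rule.src is None or rule.src == pkt.src)
        and (rule.dport is None or rule.dport == pkt.dport)
        and (rule.in_iface is None or rule.in_iface == pkt.in_iface)
        and (not rule.ctstate or pkt.ctstate in rule.ctstate)
    )


def verdict(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> str:
    """First matching rule decides; otherwise the chain policy (iptables -P INPUT DROP) applies."""
    for rule in chain:
        if rule_matches(rule, pkt):
            return rule.target
    return policy


# Rules transcribed from the post.
LO_ANY = Rule("ACCEPT", in_iface="lo")
VTY_ZEBRA = Rule("ACCEPT", proto="tcp", src="127.0.0.1", dport=2601)
VTY_BGPD = Rule("ACCEPT", proto="tcp", src="127.0.0.1", dport=2605)
NEIGHBOR_179 = Rule("ACCEPT", proto="tcp", src="192.168.5.5", dport=179, in_iface="eth1")
CONNTRACK = Rule("ACCEPT", ctstate=frozenset({"ESTABLISHED", "RELATED"}))

CHAINS: Dict[str, List[Rule]] = {
    "explicit_only": [VTY_ZEBRA, VTY_BGPD, NEIGHBOR_179],
    "conntrack_only": [LO_ANY, CONNTRACK],
    "both": [LO_ANY, CONNTRACK, NEIGHBOR_179],
}

# Constructed sample packets (203.0.113.9 and port 45123 are made-up values).
PACKETS: Dict[str, Packet] = {
    # neighbor opens the session towards our port 179
    "neighbor_syn_to_179": Packet("tcp", "192.168.5.5", 179, "eth1", "NEW"),
    # unknown host tries the same
    "stranger_syn_to_179": Packet("tcp", "203.0.113.9", 179, "eth1", "NEW"),
    # we dialed the neighbor's 179; the reply lands on our ephemeral port
    "reply_to_our_session": Packet("tcp", "192.168.5.5", 45123, "eth1", "ESTABLISHED"),
    # local vtysh/telnet to bgpd
    "vtysh_to_bgpd": Packet("tcp", "127.0.0.1", 2605, "lo", "NEW"),
}


def evaluate_all() -> Dict[str, Dict[str, str]]:
    """Verdict of every chain variant for every sample packet."""
    return {
        name: {pname: verdict(chain, pkt) for pname, pkt in PACKETS.items()}
        for name, chain in CHAINS.items()
    }


if __name__ == "__main__":
    for chain_name, results in evaluate_all().items():
        print(chain_name)
        for pname, v in results.items():
            print(f"  {pname:24s} {v}")
```

The interesting row is "reply_to_our_session": with only the explicit port-179 rule, the return packets of a session this router initiated hit the DROP policy, so the session only comes up if the neighbor is the one that connects; with only the conntrack rule, the neighbor's own SYN is NEW and gets dropped. Which side connects first is decided by BGP, not by you, so a border router that must accept either outcome needs both rules.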
See also my articles:
How to configure IPTables
Setting up BGP in Quagga
BIRD BGP: Unexpected connect from unknown address
BGP. Channel Balancing on Quagga