BenMorel · October 17, 2019 22:57 · Oct 17, 2019 · Apr 18, 2015 · Mar 18, 2014 · Mar 18, 2014
diff --git a/iptables-config-script b/iptables-config-script
@@ -4,58 +4,25 @@
 sudo iptables -t filter -F
 sudo iptables -t filter -X
 
-# Bloc everything by default
+# Set up default rules
 sudo iptables -t filter -P INPUT DROP
 sudo iptables -t filter -P FORWARD DROP
-sudo iptables -t filter -P OUTPUT DROP
+sudo iptables -t filter -P OUTPUT ACCEPT
 
 # Authorize already established connexions
 sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-sudo iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# Authorize loopback
 sudo iptables -t filter -A INPUT -i lo -j ACCEPT
-sudo iptables -t filter -A OUTPUT -o lo -j ACCEPT
 
 # ICMP (Ping)
 sudo iptables -t filter -A INPUT -p icmp -j ACCEPT
-sudo iptables -t filter -A OUTPUT -p icmp -j ACCEPT
 
 # SSH
 sudo iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
-sudo iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT
-
-# DNS
-sudo iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
-sudo iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
-sudo iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
-sudo iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
 
 # HTTP
-sudo iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
 sudo iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
 
-#HTTPS
-sudo iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
+# HTTPS
 sudo iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
-
-# FTP
-sudo iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
-sudo iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
-
-# Git
-sudo iptables -t filter -A OUTPUT -p tcp --dport 9418 -j ACCEPT
-sudo iptables -t filter -A INPUT -p tcp --dport 9418 -j ACCEPT
-
-# Mail SMTP
-iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
-iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
-
-# Mail POP3
-iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
-iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
-
-# Mail IMAP
-iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
-iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
-
-# NTP (server time)
-sudo iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
diff --git a/iptables-config-script b/iptables-config-script
@@ -41,6 +41,10 @@ sudo iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
 sudo iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
 sudo iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
 
+# Git
+sudo iptables -t filter -A OUTPUT -p tcp --dport 9418 -j ACCEPT
+sudo iptables -t filter -A INPUT -p tcp --dport 9418 -j ACCEPT
+
 # Mail SMTP
 iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
 iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT

diff --git a/gistfile1.sh → iptables-config-script b/gistfile1.sh → iptables-config-script
diff --git a/gistfile1.bat → gistfile1.sh b/gistfile1.bat → gistfile1.sh
diff --git a/gistfile1.txt → gistfile1.bat b/gistfile1.txt → gistfile1.bat
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# Empty all rules
+sudo iptables -t filter -F
+sudo iptables -t filter -X
+
+# Bloc everything by default
+sudo iptables -t filter -P INPUT DROP
+sudo iptables -t filter -P FORWARD DROP
+sudo iptables -t filter -P OUTPUT DROP
+
+# Authorize already established connexions
+sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+sudo iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+sudo iptables -t filter -A INPUT -i lo -j ACCEPT
+sudo iptables -t filter -A OUTPUT -o lo -j ACCEPT
+
+# ICMP (Ping)
+sudo iptables -t filter -A INPUT -p icmp -j ACCEPT
+sudo iptables -t filter -A OUTPUT -p icmp -j ACCEPT
+
+# SSH
+sudo iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
+sudo iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT
+
+# DNS
+sudo iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
+sudo iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
+sudo iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
+sudo iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
+
+# HTTP
+sudo iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
+sudo iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
+
+#HTTPS
+sudo iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
+sudo iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
+
+# FTP
+sudo iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
+sudo iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
+
+# Mail SMTP
+iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
+iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
+
+# Mail POP3
+iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
+iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
+
+# Mail IMAP
+iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
+iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
+
+# NTP (server time)
+sudo iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT