KKostya · October 15, 2014 12:43
diff --git a/iptables.h b/iptables.h
 # Flush
 iptables -F

 # Accept ssh 
 iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 # Accept outgoing connections
 iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 # Accept lo interface
 iptables -A INPUT -i lo -j ACCEPT

 # Open bunch more ports
 iptables -A INPUT -p tcp -m tcp --dport 5000 -j ACCEPT
 iptables -A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
 iptables -A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
 iptables -A INPUT -p tcp -m tcp --dport 9066 -j ACCEPT

 # Block typical DDOS attaks
 iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
 iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
 iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

 # Finishing
 iptables -P OUTPUT ACCEPT
 iptables -P INPUT DROP

 # See the rules
 iptebles -L -n

 # Restart

 # Save
 iptables-save | sudo tee /etc/sysconfig/iptables
	# Flush
	iptables -F

	# Accept ssh
	iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
	# Accept outgoing connections
	iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
	# Accept lo interface
	iptables -A INPUT -i lo -j ACCEPT

	# Open bunch more ports
	iptables -A INPUT -p tcp -m tcp --dport 5000 -j ACCEPT
	iptables -A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
	iptables -A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
	iptables -A INPUT -p tcp -m tcp --dport 9066 -j ACCEPT

	# Block typical DDOS attaks
	iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
	iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
	iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

	# Finishing
	iptables -P OUTPUT ACCEPT
	iptables -P INPUT DROP

	# See the rules
	iptebles -L -n

	# Restart

	# Save
	iptables-save \| sudo tee /etc/sysconfig/iptables