Created
December 2, 2015 20:50
# Flush the tables to apply changes
iptables -F
# Allow established connections (the responses to our outgoing traffic)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH from anywhere
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
# Default policy to drop 'everything' but our output to internet
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Allow local programs that use the loopback interface
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
# Uncomment this line to allow incoming SSH/SCP connections to this machine,
# for traffic from 10.20.0.2 (you can also use a network definition as
# source like 10.20.0.0/22).
# iptables -A INPUT -s 10.20.0.2 -p tcp --dport 22 -m state --state NEW -j ACCEPT
# This line allows access to port 8443 only from the IP of cpk-front.mzk.cz
iptables -A INPUT -s 195.113.155.74 -p tcp --dport 8443 -j ACCEPT
# default http port
#iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
# default https port
#iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
# More can be found at http://doc.norang.ca/iptables.html or at https://wiki.debian.org/iptables