Created
April 25, 2017 20:54
-
-
Save deruke/db57984866f38d5bda7d6eec1a00266f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *filter | |
| # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -d 127.0.0.0/8 -j REJECT | |
| # Accept all established inbound connections | |
| -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| # Allow all outbound traffic - you can modify this to only allow certain traffic | |
| -A OUTPUT -j ACCEPT | |
| # Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL). | |
| -A INPUT -p tcp --dport 80 -j ACCEPT | |
| -A INPUT -p tcp --dport 443 -j ACCEPT | |
| -A INPUT -p tcp --dport 53 -j ACCEPT | |
| -A INPUT -p udp --dport 53 -j ACCEPT | |
| -A INPUT -p tcp -s 127.0.0.1 --dport 8080 -j ACCEPT | |
| # Allow SSH connections | |
| # | |
| # The -dport number should be the same port number you set in sshd_config | |
| # | |
| -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT | |
| # Allow ping | |
| -A INPUT -p icmp -j ACCEPT | |
| # Log iptables denied calls | |
| -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 | |
| # Drop all other inbound - default deny unless explicitly allowed policy | |
| -A INPUT -j DROP | |
| -A FORWARD -j DROP | |
| COMMIT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment