Created
July 27, 2017 15:49
-
-
Save dicej/33c812e9dd05a2e0765d717ffb45bcd9 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # remove all current rules | |
| iptables -F | |
| iptables -X | |
| iptables -t nat -F | |
| iptables -t nat -X | |
| # drop all incoming traffic by default | |
| iptables -P INPUT DROP | |
| iptables -P FORWARD DROP | |
| # accept all outgoing traffic | |
| iptables -P OUTPUT ACCEPT | |
| iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| # accept all loopback traffic | |
| iptables -A INPUT -i lo -j ACCEPT | |
| # accept SSH, HTTP, and HTTPS | |
| iptables -A INPUT -p tcp -m multiport --dports 22,80,443,8080,8443 -j ACCEPT | |
| iptables -A OUTPUT -p tcp -m multiport --sports 22,80,443,8080,8443 -j ACCEPT | |
| # redirect 80 and 443 to 8080 and 8443, respectively | |
| iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 | |
| iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment