iptables_configuration
Flush all existing rules
iptables -F

Drop all input by default (note: this will end an SSH session; further commands need to be run as root from the console)
iptables -P INPUT DROP

Block null packets
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Syn-flood attack protection (drops new connections that do not start with a SYN packet)
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

XMAS packet protection
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Allow loopback (localhost) traffic
iptables -A INPUT -i lo -p all -j ACCEPT

Now we can allow web server (port 80) and SSH (port 22) traffic:
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

Allow related and established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
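The lockout noted at the policy step happens because the rules are applied one command at a time. As an added example (not part of the original gist), the same rules in iptables-restore format load in a single commit, so there is no window in which the DROP policy is active without the port 22 rule. The function names, the SSH_PORT and HTTP_PORT variables, and the explicit ACCEPT policies for FORWARD and OUTPUT are assumptions.

```sh
#!/bin/sh
# Added example: the gist's INPUT rules as one atomic iptables-restore ruleset.
# SSH_PORT / HTTP_PORT are assumed names; the defaults match the gist.
SSH_PORT="${SSH_PORT:-22}"
HTTP_PORT="${HTTP_PORT:-80}"

# Print the ruleset; rule order is the same as in the gist.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport ${HTTP_PORT} -j ACCEPT
-A INPUT -p tcp -m tcp --dport ${SSH_PORT} -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin; succeed only if it accepts the SSH port.
keeps_ssh() {
    grep -Eq -- "^-A INPUT .*--dport ${SSH_PORT} -j ACCEPT\$"
}

# Guard against lockout, parse-check, then commit everything at once.
apply_ruleset() {
    rules="$(build_ruleset)"
    if ! printf '%s\n' "$rules" | keeps_ssh; then
        echo "ruleset has no ACCEPT for port ${SSH_PORT}; refusing to load" >&2
        return 1
    fi
    # --test parses and builds the ruleset without committing it
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore
}

# Only touch the firewall when explicitly asked: sh script.sh apply (as root)
if [ "${1:-}" = "apply" ]; then
    apply_ruleset
fi
```

Without the `apply` argument the script only defines the functions, so `build_ruleset` can be reviewed or diffed before anything is loaded.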