@gsluthra
Last active August 25, 2021 09:30
Firewall settings for Bahmni (allow only SSH and browser access to http, https and openerp; block everything else). If you are using this to set up on Digital Ocean / CentOS v7.6, scroll to the bottom for comments.
# Refer to this link to understand below rules: https://wiki.centos.org/HowTos/Network/IPTables
# Set default input policy to ACCEPT first, so that flushing the rules below does not cut off the current SSH session
iptables -P INPUT ACCEPT
# Flush all current rules!
iptables -F
# Allow localhost interface
iptables -A INPUT -i lo -j ACCEPT
# Allow packets that belong to established or related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH access
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow Web Access to Bahmni Apps (http, https, openerp)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 8069 -j ACCEPT
# DROP ALL Incoming connections except those which are marked as ACCEPT (Policy change!)
iptables -P INPUT DROP
# DROP all Forwards (we are not a router)
iptables -P FORWARD DROP
# Allow all output
iptables -P OUTPUT ACCEPT
# Print Final Settings
iptables -L -n -v --line-numbers
# Make changes permanent
/sbin/service iptables save
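
A check for the rules above, added here as an example and not part of the original gist: it reads `iptables -S` output and confirms that only the intended TCP ports are accepted and that the INPUT and FORWARD policies are DROP. The function names and the sample rule listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the gist): audit `iptables -S` output on stdin.
# $1 = space-separated TCP ports that are allowed to be open.
audit_input() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    $1 == "-P" && $2 == "INPUT"   { in_pol = $3 }
    $1 == "-P" && $2 == "FORWARD" { fw_pol = $3 }
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        proto = ""; port = ""; scoped = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-i" && $(i + 1) == "lo") scoped = 1
            if ($i ~ /^--(ct)?state$/ && $(i + 1) !~ /NEW|INVALID/) scoped = 1
        }
        # Any ACCEPT that is not an allowed port, loopback or established traffic is flagged.
        if (proto == "tcp" && (port in want)) seen[port] = 1
        else if (port != "") { print "FAIL unexpected open port: " proto "/" port; bad = 1 }
        else if (!scoped) { print "FAIL unscoped ACCEPT rule: " $0; bad = 1 }
    }
    END {
        if (in_pol != "DROP") { print "FAIL INPUT policy is " in_pol; bad = 1 }
        if (fw_pol != "DROP") { print "FAIL FORWARD policy is " fw_pol; bad = 1 }
        for (p in want) if (!(p in seen)) { print "FAIL expected port not open: " p; bad = 1 }
        if (!bad) print "OK"
        exit bad + 0
    }'
}

# Constructed sample: the listing `iptables -S` is expected to print after the script above.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8069 -j ACCEPT
EOF
}

sample_rules | audit_input "22 80 443 8069"
```

On a live host, run `iptables -S | audit_input "22 80 443 8069"` as root. Run the same check against `ip6tables -S`, since the rules above only cover IPv4.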
@logeshvar

For CentOS 7.x, the following script can be used to set up a firewall using firewalld:
firewalld configuration script

@gsluthra
Author

Thanks @logeshvar, this is helpful!
