Last active
August 25, 2021 09:30
Firewall settings for Bahmni (Allow only SSH, and Browser access to http, https and openerp. Block everything else). If you are using this to set up on Digital Ocean / CentOS v7.6, then scroll to the bottom for comments.
# Refer to this link to understand below rules: https://wiki.centos.org/HowTos/Network/IPTables
# Set default input policy to ACCEPT
iptables -P INPUT ACCEPT
# Flush all current rules!
iptables -F
# Allow localhost interface
iptables -A INPUT -i lo -j ACCEPT
# Allow Established
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH access
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow Web Access to Bahmni Apps (http, https, openerp)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 8069 -j ACCEPT
# DROP ALL Incoming connections except those which are marked as ACCEPT (Policy change!)
iptables -P INPUT DROP
# DROP all Forwards (we are not a router)
iptables -P FORWARD DROP
# Allow all output
iptables -P OUTPUT ACCEPT
# Print Final Settings
iptables -L -n -v --line-numbers
# Make changes permanent
/sbin/service iptables save
Thanks @logshvar this is helpful!