Created January 4, 2013 18:46
Simple example of a "deny all incoming tcp/22 connection attempts except those belonging to existing connections or coming from a list of source IPs in the techs chain" policy. It is in the format used by iptables-restore, which will overwrite your existing iptables rules. To create the techs chain from the command line instead, use "iptables -N techs".
```
# Generated by iptables-save v1.4.2 on Fri Jan 4 13:40:19 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# User-defined chain holding the permitted sources. "-" means it has no policy of its own:
# a packet that matches nothing in it comes back to INPUT at the rule after the jump.
:techs - [0:0]
-A INPUT -i lo -j ACCEPT
# Packets of an already established SSH session (or related to one) pass regardless of source,
# so loading this file does not cut off the session you are loading it from. RELATED alone
# would not match an established session, hence RELATED,ESTABLISHED.
-A INPUT -p tcp -m tcp --dport 22 -m state --state RELATED,ESTABLISHED -j ACCEPT
# New tcp/22 attempts: consult the techs allow-list, log whatever it did not accept, then reject.
-A INPUT -p tcp -m tcp --dport 22 -j techs
-A INPUT -p tcp -m tcp --dport 22 -j LOG
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
-A techs -s 172.16.123.123/32 -j ACCEPT
-A techs -s 172.16.42.0/24 -j ACCEPT
-A techs -s 10.10.1.23/32 -j ACCEPT
-A techs -j RETURN
COMMIT
# Completed on Fri Jan 4 13:40:19 2013
```
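As an added example that is not part of the gist, the Python evaluator below parses the rules above and walks a packet through INPUT the way netfilter does (jump into techs, RETURN, non-terminating LOG, chain policy), so you can check which sources reach tcp/22 before overwriting the live rule set. The --state value is a parameter so that RELATED alone can be compared with RELATED,ESTABLISHED; the packets are constructed, and only the match options the gist uses (-i, -p, --dport, -s, --state) are modelled.

```python
# Added example, not the gist's code: walk a packet through the gist's INPUT chain offline.
import ipaddress, shlex
RULES = """\
:INPUT ACCEPT [0:0]
:techs - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state {state} -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j techs
-A INPUT -p tcp -m tcp --dport 22 -j LOG
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
-A techs -s 172.16.123.123/32 -j ACCEPT
-A techs -s 172.16.42.0/24 -j ACCEPT
-A techs -s 10.10.1.23/32 -j ACCEPT
-A techs -j RETURN
"""

def parse(text):
    policies, chains = {}, {}                         # chain -> policy, chain -> [(opts, target)]
    for line in text.splitlines():
        if line.startswith(":"):                      # ":NAME POLICY [pkts:bytes]"; "-" = user chain
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = (policy if policy != "-" else None), []
        elif line.startswith("-A"):                   # every option in this file takes one value
            argv = shlex.split(line)
            opts = dict(zip(argv[2::2], argv[3::2]))
            chains[argv[1]].append((opts, opts.pop("-j")))
    return policies, chains

def matches(opts, pkt):                               # a match option that is absent matches anything
    return (opts.get("-i", pkt.get("iface")) == pkt.get("iface")
            and opts.get("-p", pkt.get("proto")) == pkt.get("proto")
            and int(opts.get("--dport", pkt.get("dport", 0))) == pkt.get("dport", 0)
            and ("-s" not in opts or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(opts["-s"]))
            and ("--state" not in opts or pkt.get("state", "NEW") in opts["--state"].split(",")))

def walk(chain, pkt, policies, chains):
    for opts, target in chains[chain]:
        if not matches(opts, pkt):
            continue
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target                             # terminating verdict
        if target == "RETURN":
            break                                     # back to the calling chain
        if target != "LOG" and (sub := walk(target, pkt, policies, chains)):
            return sub                                # user chain decided; LOG never terminates
    return policies[chain]                            # None for a user chain: caller continues

def verdict(pkt, state="RELATED,ESTABLISHED"):        # state: value given to the --state match
    policies, chains = parse(RULES.format(state=state))
    return walk("INPUT", pkt, policies, chains)
```

A constructed packet is a dict with src, proto, dport and optionally iface and conntrack state; with state="RELATED" an ESTABLISHED packet from an address outside techs is rejected, which is what happens to an open session from such an address once the rules are loaded.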