Last active
December 14, 2015 18:09
-
-
Save nchapman/5127454 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *filter | |
| # Dropping incoming connections that don't have explicit rules below | |
| :INPUT DROP [68:4456] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [1628:151823] | |
| # Allow localhost | |
| -A INPUT -i lo -j ACCEPT | |
| # Allow established connections for both public and private connections | |
| -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| # Opening ports wide open | |
| -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT | |
| # Allow ICMP | |
| -A INPUT -p icmp --icmp-type echo-request -j ACCEPT | |
| -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT | |
| # Opening a port to a specific IP | |
| # -A INPUT -p tcp -m tcp --dport 8080 -s x.x.x.x -j ACCEPT | |
| # Opening a port to a range of IPs | |
| # -A INPUT -p tcp -m tcp --dport 20000 -s 192.168.0.0/24 -j ACCEPT | |
| # Commmiting the rules to the firewall | |
| COMMIT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment