Linux - IPTABLES - Default Web Server Basic Firewall

default-web-firewall.sh

#!/bin/bash

## 
## set default policies to let everything in
iptables --policy INPUT   ACCEPT;
iptables --policy OUTPUT  ACCEPT;
iptables --policy FORWARD ACCEPT;

##
## start fresh
iptables -Z; # zero counters
iptables -F; # flush (delete) rules
iptables -X; # delete all extra chains

##
## Allow outgoing traffic and disallow any passthroughs
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

##
## Allow traffic already established to continue
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

##
## Allow ssh, ftp and web services
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 2264 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 21 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 40000:40100 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 40000:40100 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 1167 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 10000 -i eth0 -j ACCEPT

##
## Allow local loopback services
iptables -A INPUT -i lo -j ACCEPT

##
## Allow pings
iptables -I INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -I INPUT -p icmp --icmp-type source-quench -j ACCEPT
iptables -I INPUT -p icmp --icmp-type time-exceeded -j ACCEPT