@noateden
Last active September 15, 2018 07:33
Example iptables rule script
#!/bin/bash
logfile="/var/log/trustbox"
# Clear all rules
iptables -F
iptables -X
# LOG all connections
iptables -A INPUT -j LOG
iptables -A OUTPUT -j LOG
# ALLOW ssh on port 63378
# Allowed IPs are defined one per line in the file 'ip.txt'
while read -r ip; do
    [ -z "$ip" ] && continue   # skip blank lines
    iptables -A INPUT -p tcp --dport 63378 -s "$ip" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 63378 -d "$ip" -m conntrack --ctstate ESTABLISHED -j ACCEPT
    echo "$(date) iptables - Allow ssh ${ip} by $(id -un)"
    echo "$(date) iptables - Allow ssh ${ip} by $(id -un)" >> "$logfile"
done < ip.txt
# DROP ping
iptables -A INPUT -p icmp -j DROP
iptables -A OUTPUT -p icmp -j DROP
iptables -A FORWARD -p icmp -j DROP
echo "$(date) iptables - Drop icmp protocol by $(id -un)"
echo "$(date) iptables - Drop icmp protocol by $(id -un)" >> "$logfile"
### Protect the server: block IPs that try to connect to port 22 or 63378
# An attacking IP is locked out for 24 hours (3600 x 24 = 86400 seconds)
iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j LOG --log-prefix "IP blacklist: "
iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
# Remove the attacking IP from the list once its 24 hours have passed
iptables -A INPUT -m recent --name portscan --remove
# These rules add scanners to the portscan list and log the attempt.
# Any source not accepted above that reaches SSH port 22 or 63378 is listed.
iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --name portscan --set -j LOG --log-prefix "SSH 22:"
iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --name portscan --set -j DROP
iptables -A INPUT -p tcp -m tcp --dport 63378 -m recent --name portscan --set -j LOG --log-prefix "SSH 63378:"
iptables -A INPUT -p tcp -m tcp --dport 63378 -m recent --name portscan --set -j DROP
# DROP all
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A FORWARD -j DROP
echo "$(date) iptables - Drop all by $(id -un)"
echo "$(date) iptables - Drop all by $(id -un)" >> "$logfile"
# For testing: flush the rules again after two minutes
#sleep 120
#iptables -F
#iptables -X
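A defender-side check of the log lines these rules produce, added here as an example and not part of the gist: it parses kernel log lines carrying the script's --log-prefix strings and counts, per source address, first contacts on the SSH ports against later "IP blacklist" drops, so you can confirm the recent list is catching repeat probes. The SAMPLE_LOG lines, the hostname and all addresses are constructed.

```python
import re
from collections import Counter

# Constructed kernel log lines in the shape the iptables LOG target emits.
# Prefixes match the script above: "SSH 22:", "SSH 63378:", "IP blacklist: ";
# the fourth line comes from the unprefixed "LOG all" rule.
SAMPLE_LOG = """\
Sep 15 07:33:01 trustbox kernel: SSH 22:IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Sep 15 07:33:02 trustbox kernel: IP blacklist: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51235 DPT=22 SYN
Sep 15 07:33:09 trustbox kernel: SSH 63378:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=63378 SYN
Sep 15 07:34:00 trustbox kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""

LINE_RE = re.compile(
    r"kernel: (?:\[\s*\d+\.\d+\] )?"      # optional uptime stamp some kernels add
    r"(?P<prefix>.*?)"                    # --log-prefix text, possibly empty
    r"IN=(?P<in>\S*) OUT=(?P<out>\S*) .*?"
    r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: .*?DPT=(?P<dpt>\d+))?"          # no DPT on ICMP lines
)


def parse_log(text):
    """Return one dict per iptables LOG line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        d["prefix"] = d["prefix"].strip()
        d["dpt"] = int(d["dpt"]) if d["dpt"] else None
        entries.append(d)
    return entries


def summarize(text):
    """Per source IP: hits that added it to the portscan list ("SSH <port>:")
    and hits dropped because it was already listed ("IP blacklist:")."""
    listed = Counter()
    dropped = Counter()
    for e in parse_log(text):
        if e["prefix"].startswith("SSH "):
            listed[e["src"]] += 1
        elif e["prefix"] == "IP blacklist:":
            dropped[e["src"]] += 1
    return listed, dropped
```

On a live host feed it the output of `journalctl -k` or /var/log/kern.log; a source with many "IP blacklist" drops but a single listing hit is the intended behaviour, since --set only fires on the first unaccepted contact.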