# Host firewall for the IPv4 filter table: default-deny inbound, public
# HTTP/HTTPS/SSH, and file-sharing ports limited to 10.1.111.0/24.
# Scope notes: ip6tables is not touched, so IPv6 traffic is not filtered by
# this script; the FORWARD policy is left as it was; nothing here saves the
# rules, so they last only until reboot unless persisted separately.

# Flush every rule in the filter table. Chain policies are NOT reset by -F:
# if INPUT is already DROP (e.g. on a re-run), all inbound traffic is dropped
# from here until the ESTABLISHED,RELATED rule near the end is inserted.
iptables -F

# Drop TCP packets with no flags set ("null" packets).
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

# Drop TCP packets that conntrack classifies as NEW but that are not a SYN.
# This is a sanity filter, not SYN-flood protection: a SYN flood consists of
# valid SYN packets, which pass this rule. Flood mitigation would need
# something else (e.g. SYN cookies or rate limiting), which this script does
# not configure.
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Drop TCP packets with every flag set ("xmas" packets).
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# Allow all loopback traffic.
iptables -A INPUT -i lo -j ACCEPT

# Public services: HTTP and HTTPS from any source.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

# SSH from ANY source.
# NOTE(review): this rule makes the subnet-restricted port 22 rule below
# redundant. If SSH is meant to be reachable only from 10.1.111.0/24, this
# line is the one exposing it to the internet - confirm intent.
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# SSH from the internal subnet (never decisive while the rule above exists).
iptables -A INPUT -s 10.1.111.0/24 -m state --state NEW -p tcp -m tcp --dport 22 -j ACCEPT

# NOTE(review): "sftp" is resolved through the services database, where it
# normally means 115/tcp (Simple File Transfer Protocol). SFTP as provided by
# OpenSSH runs over the SSH port, so this probably opens an unrelated port -
# verify against /etc/services on the target host.
iptables -A INPUT -s 10.1.111.0/24 -m state --state NEW -p tcp -m tcp --dport sftp -j ACCEPT

# NetBIOS / SMB from the internal subnet.
# NOTE(review): NetBIOS name service (137) and datagram service (138) use
# UDP; these two rules match TCP only, so they presumably do not cover the
# traffic they were written for. 139/tcp and 445/tcp are the SMB session ports.
iptables -A INPUT -s 10.1.111.0/24 -m state --state NEW -p tcp -m tcp --dport 137 -j ACCEPT
iptables -A INPUT -s 10.1.111.0/24 -m state --state NEW -p tcp -m tcp --dport 138 -j ACCEPT
iptables -A INPUT -s 10.1.111.0/24 -m state --state NEW -p tcp -m tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 10.1.111.0/24 -m state --state NEW -p tcp -m tcp --dport 445 -j ACCEPT

# -I inserts at the TOP of INPUT, so replies and related traffic for known
# connections are accepted before any rule above is evaluated. As a result
# the flag-based DROP rules only ever see packets outside those states.
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Default policies: all outbound traffic allowed (no egress filtering);
# inbound traffic not accepted above is dropped.
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
Created
February 22, 2018 07:16
Server configuration