raulanatol · November 27, 2016 10:13
diff --git a/iptables.sh b/iptables.sh
 #!/bin/bash

 iptables -F
 # Defautlt policy
 iptables -P INPUT DROP
 iptables -P OUTPUT ACCEPT
 iptables -P FORWARD DROP

 # drop invalid packets
 iptables -A INPUT -m state --state INVALID -j DROP

 # see http://www.faqs.org/docs/iptables/newnotsyn.html
 iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

 # accept anything on localhost
 iptables -A INPUT -i lo -j ACCEPT

 # accept ICMP packets
 iptables -A INPUT -p icmp -j ACCEPT

 # allow specific ports
 iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
 iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
 iptables -A INPUT -p tcp -s 0/0 --dport 443 -j ACCEPT

 # allow establishment of connections initialised by my outgoing packets
 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
	#!/bin/bash

	iptables -F
	# Defautlt policy
	iptables -P INPUT DROP
	iptables -P OUTPUT ACCEPT
	iptables -P FORWARD DROP

	# drop invalid packets
	iptables -A INPUT -m state --state INVALID -j DROP

	# see http://www.faqs.org/docs/iptables/newnotsyn.html
	iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

	# accept anything on localhost
	iptables -A INPUT -i lo -j ACCEPT

	# accept ICMP packets
	iptables -A INPUT -p icmp -j ACCEPT

	# allow specific ports
	iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
	iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
	iptables -A INPUT -p tcp -s 0/0 --dport 443 -j ACCEPT

	# allow establishment of connections initialised by my outgoing packets
	iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT