Created
September 12, 2014 13:52
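# Baseline IPv4 INPUT filter: accept established traffic, drop malformed TCP,
# open the listed service ports, drop everything else, then save the result.
#
# Review notes:
#  - Run as root against an INPUT chain that has no catch-all rule yet. -A
#    appends, so re-running stacks duplicates below an existing DROP.
#  - No rule here accepts port 22. Confirm the port your SSH daemon listens on
#    is among the accepted ports before the final DROP is added, or new SSH
#    sessions will be refused (already-established ones keep working).
#  - These rules cover IPv4 only; IPv6 needs an equivalent ip6tables ruleset.

# Replies and related packets for connections this host already tracks.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT &&
# TCP packets with no flags set at all.
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP &&
# NEW connections whose first packet is not a plain SYN.
iptables -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP &&
# Loopback traffic.
iptables -A INPUT -i lo -j ACCEPT &&
# Remove an earlier FTP (port 21) accept rule if one is present. The -C check
# keeps a missing rule from aborting the chain before the final DROP is added.
if iptables -C INPUT -p tcp -m tcp --dport 21 -j ACCEPT 2>/dev/null; then
  iptables -D INPUT -p tcp -m tcp --dport 21 -j ACCEPT
fi &&
# HTTP and HTTPS.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT &&
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT &&
# Site-specific ports; their purpose is not stated here. Open only the ones
# this host actually serves.
iptables -A INPUT -p tcp -m tcp --dport 1989 -j ACCEPT &&
iptables -A INPUT -p tcp -m tcp --dport 1500 -j ACCEPT &&
iptables -A INPUT -p tcp -m tcp --dport 18080 -j ACCEPT &&
# Catch-all: anything not accepted above is dropped.
iptables -A INPUT -j DROP &&
# Persist only a fully applied ruleset.
iptables-save > /etc/iptables.up.rules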
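# Install a hook that reloads the saved ruleset whenever an interface comes up.
# Written with a here-document instead of an interactive vim session so the
# hook content (including the #! line) is unambiguous.
# Run as root; the hook executes as root, so it should stay root-owned and not
# be writable by other users.
# NOTE(review): a hook in if-up.d runs after the interface is already up.
# ifupdown also has /etc/network/if-pre-up.d, which would load the rules
# before traffic can arrive -- confirm which one this host should use.
cat > /etc/network/if-up.d/iptables <<'EOF'
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules
EOF
chmod +x /etc/network/if-up.d/iptables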
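# Allow ping (ICMP echo-request).
# -I inserts the rule at the top of INPUT. With -A it would be appended below
# the catch-all `iptables -A INPUT -j DROP` rule and could never match.
iptables -I INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Re-run `iptables-save > /etc/iptables.up.rules` afterwards; otherwise this
# rule is lost the next time the saved ruleset is restored.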
from http://hosterlab.net