Created
November 16, 2015 06:57
rociiu/38ad7ff62c557b7d5704
# iptables-restore format, IPv4 only (ip6tables needs its own ruleset).
# "-m state --state" is the legacy spelling of "-m conntrack --ctstate";
# both are accepted by current iptables.
*filter
# Allow all loopback (lo) traffic and reject traffic
# to localhost that does not originate from lo.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT
# Allow ping (ICMP echo-request, type 8).
-A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT
# Allow new SSH connections.
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Allow HTTP and HTTPS connections from anywhere
# (the normal ports for web servers).
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
# Allow inbound traffic belonging to established connections.
# RELATED covers ICMP error returns for existing flows.
# (Often placed first in the chain so the bulk of packets match early.)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log what was incoming but denied, rate-limited (optional but useful).
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
# Reject all other inbound (IPv4 default: icmp-port-unreachable).
-A INPUT -j REJECT
# Log any traffic which was sent to you
# for forwarding (optional but useful).
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7
# Reject all traffic forwarding.
-A FORWARD -j REJECT
COMMIT
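The verdict each packet gets from the INPUT chain above depends entirely on rule order: the kernel walks the chain top to bottom and the first terminal target wins, while LOG is non-terminal and lets the packet fall through to the final REJECT. The following is an added example, not code from the gist, that re-implements that first-match walk for the handful of matches this ruleset uses and runs constructed packets through it (interface names, addresses and conntrack states are assumptions chosen for illustration; the rate limit on the LOG rule is not modelled, so the "logged" flag means "would be logged subject to the 5/min limit").

```python
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Constructed copy of the gist's INPUT chain, in file order (IPv4 only).
INPUT_CHAIN = """
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT
-A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
-A INPUT -j REJECT
"""


@dataclass
class Packet:
    """Only the fields the ruleset above actually inspects (assumed model)."""
    iface: str
    src: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int = 0        # tcp/udp destination port
    icmp_type: int = -1   # icmp type, -1 when not icmp
    state: str = "NEW"    # conntrack state: NEW, ESTABLISHED, RELATED, INVALID


Matcher = Callable[[Packet], bool]


def parse_rule(line: str) -> Tuple[List[Matcher], str]:
    """Turn one '-A INPUT ...' line into (matchers, target).

    Handles exactly the options the gist uses; anything else raises so a
    silently ignored match can never make the simulation look safer than reality.
    """
    toks = shlex.split(line)
    if toks[:2] != ["-A", "INPUT"]:
        raise ValueError(f"not an INPUT rule: {line!r}")
    matchers: List[Matcher] = []
    target = ""
    negate = False
    i = 2
    while i < len(toks):
        opt = toks[i]
        if opt == "!":              # negates the next match only
            negate = True
            i += 1
            continue
        arg = toks[i + 1] if i + 1 < len(toks) else ""
        if opt == "-i":
            matchers.append(lambda p, a=arg, n=negate: (p.iface == a) != n)
        elif opt == "-s":
            net = ipaddress.ip_network(arg)
            matchers.append(lambda p, a=net, n=negate: (ipaddress.ip_address(p.src) in a) != n)
        elif opt == "-p":
            matchers.append(lambda p, a=arg, n=negate: (p.proto == a) != n)
        elif opt == "--dport":
            matchers.append(lambda p, a=int(arg), n=negate: (p.dport == a) != n)
        elif opt == "--icmp-type":
            matchers.append(lambda p, a=int(arg), n=negate: (p.icmp_type == a) != n)
        elif opt == "--state":
            states = set(arg.split(","))
            matchers.append(lambda p, a=states, n=negate: (p.state in a) != n)
        elif opt == "-j":
            target = arg
        elif opt in ("-m", "--limit", "--log-prefix", "--log-level"):
            pass                    # module loads and LOG/limit parameters do not change the verdict
        else:
            raise ValueError(f"unsupported option {opt!r} in {line!r}")
        negate = False
        i += 2
    if not target:
        raise ValueError(f"rule without target: {line!r}")
    return matchers, target


RULES = [parse_rule(l) for l in INPUT_CHAIN.strip().splitlines()]


def evaluate(pkt: Packet, rules=RULES) -> Tuple[str, bool]:
    """First-match walk of the chain: returns (verdict, would_be_logged).

    LOG is non-terminal, so a packet that hits it continues to the final
    REJECT; every other target ends the walk. "POLICY" means no rule matched
    and the chain policy would decide (unreachable here: the last rule matches all).
    """
    logged = False
    for matchers, target in rules:
        if all(m(pkt) for m in matchers):
            if target == "LOG":
                logged = True
                continue
            return target, logged
    return "POLICY", logged


if __name__ == "__main__":
    # Constructed sample packets: the loopback-spoof case shows why rule 2 must sit before the SSH rule.
    for pkt in (Packet("eth0", "203.0.113.5", "tcp", dport=22),
                Packet("eth0", "127.0.0.1", "tcp", dport=22),
                Packet("eth0", "203.0.113.5", "tcp", dport=8080),
                Packet("eth0", "203.0.113.5", "tcp", dport=22, state="INVALID")):
        print(pkt, "->", evaluate(pkt))
```

This only models verdicts; it says nothing about whether iptables will accept the file. The real syntax check before deploying is `iptables-restore --test < rules.v4`, and the spoofed-loopback and INVALID-state cases are the ones worth re-running after any reordering of the chain.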