sudmed · May 4, 2023 12:31
diff --git a/iptables_flush_rules.sh b/iptables_flush_rules.sh
 #!/bin/bash

 # vars
 ext_if="ens192"

 # flush all rules
 iptables -F
 iptables -F -t nat
 iptables -F -t mangle
 iptables -X
 iptables -X -t nat
 iptables -X -t mangle

 # default policies
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT

 # accept established and related connections
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

 # allow icmp traffic
 iptables -A INPUT -p icmp -j ACCEPT

 # allow traffic to loopback
 iptables -A INPUT -i lo -j ACCEPT

 # allow ssh
 iptables -A INPUT -i $ext_if -p tcp -m state --state NEW --dport 22 -j ACCEPT

 # allow web
 iptables -A INPUT -i $ext_if -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT

 # print rules
 iptables -S
	#!/bin/bash

	# vars
	ext_if="ens192"

	# flush all rules
	iptables -F
	iptables -F -t nat
	iptables -F -t mangle
	iptables -X
	iptables -X -t nat
	iptables -X -t mangle

	# default policies
	iptables -P INPUT DROP
	iptables -P FORWARD DROP
	iptables -P OUTPUT ACCEPT

	# accept established and related connections
	iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

	# allow icmp traffic
	iptables -A INPUT -p icmp -j ACCEPT

	# allow traffic to loopback
	iptables -A INPUT -i lo -j ACCEPT

	# allow ssh
	iptables -A INPUT -i $ext_if -p tcp -m state --state NEW --dport 22 -j ACCEPT

	# allow web
	iptables -A INPUT -i $ext_if -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT

	# print rules
	iptables -S