
@mortenbra
Last active January 10, 2023 02:41
Basic firewall (iptables) script for CentOS with openings for SSH, HTTP and HTTPS
#!/bin/bash
# see http://oracle-base.com/articles/linux/linux-firewall.php
# Set the default policies to allow everything while we set up new rules
# Prevents cutting yourself off when running from remote SSH
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Flush any existing rules, leaving just the defaults
iptables -F
# Open port 22 for incoming SSH connections
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Open port 80 for incoming HTTP requests
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Open port 443 for incoming HTTPS requests
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# open port 8080 for Oracle XDB/EPG (uncomment if required)
#iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# open port 1521 for SQL*Net (uncomment if required)
# NOTE: this is not needed for a web server, but can be useful for a dev environment
# replace 1.2.3.4 with your own client IP address
#iptables -A INPUT -p tcp --dport 1521 -s 1.2.3.4 -j ACCEPT
# *** Put any additions to the INPUT chain here
#
# *** End of additions to INPUT chain
# accept any localhost (loopback) calls
iptables -A INPUT -i lo -j ACCEPT
# allow any existing connection to remain
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# reset the default policies to stop all incoming and forward requests
iptables -P INPUT DROP
iptables -P FORWARD DROP
# accept any outbound requests from this server
iptables -P OUTPUT ACCEPT
# save the settings
service iptables save
# display the settings
iptables -L -v --line-numbers
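An added check, not part of the gist: a small POSIX shell audit that reads a rule dump in the format `iptables -S` prints and flags anything that widens the posture the script above is meant to leave behind (INPUT/FORWARD default DROP; only loopback, RELATED/ESTABLISHED and TCP 22/80/443 accepted). The sample dumps are constructed, and the `audit_rules` helper and `ALLOWED_PORTS` list are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the gist: audit an `iptables -S` style dump
# against the allow-list posture the script above produces, so drift such as
# a forgotten policy reset or an extra ACCEPT shows up as a FINDING line.
ALLOWED_PORTS="22 80 443"   # add 8080 / 1521 here if you uncommented them
# audit_rules <dump>: print one FINDING per deviation; return 0 when clean.
audit_rules() {
  findings=0
  while IFS= read -r line; do
    case "$line" in
      ""|"-P INPUT DROP"|"-P FORWARD DROP") ;;
      "-P INPUT "*|"-P FORWARD "*)
        echo "FINDING: default policy is not DROP: $line"
        findings=$((findings + 1)) ;;
      "-A INPUT -i lo -j ACCEPT") ;;
      "-A INPUT -m state --state "*ESTABLISHED*" -j ACCEPT") ;;
      "-A INPUT "*"-p tcp -m tcp --dport "*" -j ACCEPT")
        port=${line#*"--dport "}; port=${port%% *}
        case " $ALLOWED_PORTS " in
          *" $port "*) ;;
          *) echo "FINDING: unexpected open TCP port $port: $line"
             findings=$((findings + 1)) ;;
        esac ;;
      "-A "*"-j ACCEPT"*)
        echo "FINDING: ACCEPT outside the allow-list: $line"
        findings=$((findings + 1)) ;;
      *) ;;   # DROP/REJECT/LOG rules and the OUTPUT policy do not widen exposure
    esac
  done <<EOF
$1
EOF
  [ "$findings" -eq 0 ]
}

# Constructed sample: what `iptables -S` prints after the gist's script ran.
GOOD_DUMP="-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
# Constructed drift: INPUT policy left at ACCEPT and a database port opened to all.
BAD_DUMP="-P INPUT ACCEPT
-P FORWARD DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT"
audit_rules "$GOOD_DUMP" && echo "expected posture: OK"
audit_rules "$BAD_DUMP" || echo "drifted posture: see findings above"
```

On a real host, feed it the live table with `audit_rules "$(iptables -S INPUT)"` after the script has run.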
@mortenbra
Author

As you can see from the comments in the script, all incoming requests are blocked except those on specific ports.

@vahidalvandi

For a secure server, is just controlling iptables enough?

@mortenbra
Author

This is an old article, but still useful for an overview of how to secure your Linux server: https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps
