@Hotshot824
Last active March 6, 2024 16:04
A basic iptables setup script.
#!/bin/bash
# Basic host firewall: default-deny inbound, allow loopback, return traffic,
# HTTP/HTTPS, SSH and ping, on both IPv4 and IPv6.
set -euo pipefail
[ "$(id -u)" -eq 0 ] || { echo "This script must run as root." >&2; exit 1; }
# Flush existing rules and delete user-defined chains (filter table only)
iptables -F
iptables -X
ip6tables -F
ip6tables -X
# Set default policies (fail closed; the rules below re-open what is needed)
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT ACCEPT
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT
# Allow replies to connections this host opened (the conntrack match replaces
# the deprecated "state" match) and drop packets conntrack cannot classify
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -m conntrack --ctstate INVALID -j DROP
# Open specific ports, for example, HTTP (80) and HTTPS (443)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow SSH (port 22) from anywhere; add -s <admin-network> to narrow it
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow ICMP (ping). IPv4 ICMP errors for tracked flows already match RELATED.
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# IPv6 needs more than echo-request: neighbour discovery is marked UNTRACKED by
# conntrack, so it never matches ESTABLISHED,RELATED and must be accepted
# explicitly, and the error types carry path-MTU and unreachable information.
# Without these the host loses IPv6 connectivity once the policy is DROP.
for t in destination-unreachable packet-too-big time-exceeded parameter-problem \
         router-solicitation router-advertisement \
         neighbour-solicitation neighbour-advertisement echo-request; do
    ip6tables -A INPUT -p ipv6-icmp --icmpv6-type "$t" -j ACCEPT
done
# Log what the default policy is about to drop (optional, rate limited).
# Level 7 is "debug"; if nothing appears in the logs, use --log-level 4.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-denied: " --log-level 7
ip6tables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "ip6tables-denied: " --log-level 7
# Rules are not persistent; save them with iptables-save/ip6tables-save (or
# your distribution's netfilter-persistent/iptables-services) to survive reboot.
echo "Basic iptables/ip6tables setup with HTTP, HTTPS, SSH and ICMP (ping) allowed completed."
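Running the rules one `iptables -A` at a time means that for a moment the INPUT policy is DROP while the ESTABLISHED,RELATED rule does not exist yet, and any command that fails part-way leaves a half-built ruleset behind; over SSH that is how people lock themselves out. The added example below (it is not part of the gist) expresses the same policy as an iptables-restore ruleset, which the kernel loads as a single transaction, and loads it through iptables-apply, which reverts the change unless you confirm from a still-working session. It assumes the iptables-apply and ip6tables-apply wrappers shipped with the iptables package on Debian-family systems; the function names render_rules and apply_rules are hypothetical.

```shell
#!/bin/sh
# Added example, not from the gist: the gist's policy as an iptables-restore
# ruleset, generated by render_rules and loaded atomically by apply_rules.
# Assumes iptables-restore --test and iptables-apply/ip6tables-apply exist.
set -eu

# render_rules FAMILY PORT... : print an iptables-restore ruleset for IPv4 (4)
# or IPv6 (6) that opens the given TCP ports for new connections.
render_rules() {
    fam=$1; shift
    if [ "$fam" = 6 ]; then tag=ip6tables; else tag=iptables; fi
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    if [ "$fam" = 6 ]; then
        # Neighbour discovery is UNTRACKED by conntrack and never matches
        # ESTABLISHED,RELATED; without these rules IPv6 stops working.
        for t in destination-unreachable packet-too-big time-exceeded \
                 parameter-problem router-solicitation router-advertisement \
                 neighbour-solicitation neighbour-advertisement echo-request; do
            printf '%s\n' "-A INPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
        done
    else
        printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    fi
    printf '%s\n' "-A INPUT -m limit --limit 5/min -j LOG --log-prefix \"$tag-denied: \" --log-level 7"
    printf '%s\n' 'COMMIT'
}

# apply_rules PORT... : syntax-check both rulesets without committing them,
# then load each with iptables-apply, which rolls back after 30 s unless
# you answer "y" (so a bad rule cannot cut off the session you are using).
apply_rules() {
    v4=$(mktemp) && v6=$(mktemp)
    render_rules 4 "$@" > "$v4"
    render_rules 6 "$@" > "$v6"
    iptables-restore --test "$v4"
    ip6tables-restore --test "$v6"
    iptables-apply -t 30 "$v4"
    ip6tables-apply -t 30 "$v6"
    rm -f "$v4" "$v6"
}

# Dry run by default (prints both rulesets); "apply" loads them (needs root).
if [ "${1:-render}" = apply ]; then
    apply_rules 22 80 443
else
    render_rules 4 22 80 443
    render_rules 6 22 80 443
fi
```

Because iptables-restore replaces the whole filter table in one step, there is no ordering problem between policies and rules, and the rendered files are exactly what iptables-save would write, so they can be dropped into /etc/iptables/rules.v4 and rules.v6 for persistence.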