@QNimbus
Last active May 31, 2023 20:17
Basic iptables configuration
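# Source address (CIDR) that the IPv4 INPUT chain below accepts on every port.
trustedIP="1.2.3.4/32"
# IPv4 rules. The heredoc delimiter is unquoted so that $trustedIP is expanded when the file is written.
cat <<- EOF > /etc/iptables/rules.v4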
# Generated by iptables-save v1.8.7 on Wed Mar 29 14:37:32 2023
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5093 -j ACCEPT
-A INPUT -s $trustedIP -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp -m udp -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Mar 29 14:37:32 2023
EOF
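# IPv6 rules. The delimiter is quoted ('EOF'), so nothing inside this heredoc is expanded by the shell.
cat <<- 'EOF' > /etc/iptables/rules.v6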
# Generated by ip6tables-save v1.8.7 on Thu Mar 30 06:30:12 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
# Completed on Thu Mar 30 06:30:12 2023
EOF
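
The two rule sets above are not symmetric: IPv4 accepts tcp/22 and tcp/5093 with an INPUT policy of DROP, while IPv6 accepts only udp/546 with a policy of ACCEPT. The following script is an added example, not part of the original gist, that reports such differences between two iptables-save files; the function names and the trimmed sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the gist): compare what two iptables-save files accept on INPUT.
# Function names and the trimmed sample files are assumptions made for this example.

# Print the default policy of CHAIN, e.g. "DROP" for the line ":INPUT DROP [0:0]".
chain_policy() {  # usage: chain_policy FILE CHAIN
    awk -v c=":$2" '$1 == c { print $2; exit }' "$1"
}

# Print, sorted and one per line, each "proto/port" that an INPUT rule accepts via --dport.
open_ports() {  # usage: open_ports FILE
    awk '$1 == "-A" && $2 == "INPUT" {
             proto = "any"; port = ""; target = ""
             for (i = 3; i < NF; i++) {
                 if ($i == "-p")      proto  = $(i + 1)
                 if ($i == "--dport") port   = $(i + 1)
                 if ($i == "-j")      target = $(i + 1)
             }
             if (target == "ACCEPT" && port != "") print proto "/" port
         }' "$1" | sort -u
}

# Print "v4-only X" / "v6-only X" for every proto/port accepted in only one of the files.
port_mismatches() {  # usage: port_mismatches RULES_V4 RULES_V6
    p4=$(open_ports "$1"); p6=$(open_ports "$2")
    for p in $p4; do printf '%s\n' "$p6" | grep -qxF "$p" || echo "v4-only $p"; done
    for p in $p6; do printf '%s\n' "$p4" | grep -qxF "$p" || echo "v6-only $p"; done
}

# Constructed sample input: the INPUT lines of the two rule sets, trimmed to what matters here.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 5093 -j ACCEPT' \
        '-A INPUT -j REJECT' 'COMMIT' > "$d/rules.v4"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -p ipv6-icmp -j ACCEPT' \
        '-A INPUT -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp6-adm-prohibited' 'COMMIT' > "$d/rules.v6"
    echo "INPUT policy: v4=$(chain_policy "$d/rules.v4" INPUT) v6=$(chain_policy "$d/rules.v6" INPUT)"
    port_mismatches "$d/rules.v4" "$d/rules.v6"
    rm -rf "$d"
}
demo
```

To check the real files, call `port_mismatches /etc/iptables/rules.v4 /etc/iptables/rules.v6`. Source-based accepts such as the `trustedIP` rule and multiport matches are outside what this parser looks at.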