Skip to content

Instantly share code, notes, and snippets.

@ahmadmayahi
Last active June 23, 2017 13:24
Show Gist options
  • Save ahmadmayahi/0368369b96d5dd29e4890c230e9b30ac to your computer and use it in GitHub Desktop.
Save ahmadmayahi/0368369b96d5dd29e4890c230e9b30ac to your computer and use it in GitHub Desktop.
iptables best practice for ubuntu 14+ - only 22, 80 and 443 ports
#This iptables snippet enables port 22, 80 and 443 only.
#WARNING: YOU HAVE TO EXECUTE THE 1ST COMMAND TO AVOID SELF BLOCKING, IF YOU DON'T TYPE THIS COMMAND THEN YOI'LL BE BLOCKED FROM ACCESSING YOUR SERVER.
#Accept active connecion (void self blocking)
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#Accept loopback connections
iptables -A INPUT -i lo -j ACCEPT
#Allow port 22 (ssh)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#Allow port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#Allow https
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#Drop by default
sudo iptables -P INPUT DROP
#Install persistent ipatables (save rules while reboots)
apt install -y iptables-persistent
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment