@alphaJohnny
Created June 15, 2019 12:18
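Firewall rules to allow only KhanAcademy, FreeCodeCamp, Google services and login, and GitHub
#!/bin/bash
# Must be run as root.
# iptables resolves each -d hostname once, when the rule is added, and stores
# the resulting IP addresses. Subdomains (e.g. www.) and later DNS changes are
# not covered by these rules.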
# Khanacademy
iptables -A OUTPUT -p tcp -d khanacademy.org -j ACCEPT
iptables -A OUTPUT -p tcp -d qualaroo.com -j ACCEPT
iptables -A OUTPUT -p tcp -d kastatic.org -j ACCEPT
iptables -A OUTPUT -p tcp -d kasandbox.org -j ACCEPT
iptables -A OUTPUT -p tcp -d s3.amazonaws.com -j ACCEPT
iptables -A OUTPUT -p tcp -d youtube-nocookie.com -j ACCEPT
# Freecodecamp
iptables -A OUTPUT -p tcp -d freecodecamp.org -j ACCEPT
iptables -A OUTPUT -p tcp -d amazonaws.com -j ACCEPT
iptables -A OUTPUT -p tcp -d imgur.com -j ACCEPT
iptables -A OUTPUT -p tcp -d googletagmanager.com -j ACCEPT
iptables -A OUTPUT -p tcp -d google-analytics.com -j ACCEPT
# Google login and others
iptables -A OUTPUT -p tcp -d google.com -j ACCEPT
iptables -A OUTPUT -p tcp -d googledrive.com -j ACCEPT
iptables -A OUTPUT -p tcp -d google-analytics.com -j ACCEPT
iptables -A OUTPUT -p tcp -d ytimg.com -j ACCEPT
iptables -A OUTPUT -p tcp -d googleapis.com -j ACCEPT
iptables -A OUTPUT -p tcp -d googleusercontent.com -j ACCEPT
iptables -A OUTPUT -p tcp -d gstatic.com -j ACCEPT
iptables -A OUTPUT -p tcp -d gv1.com -j ACCEPT
# GitHub
iptables -A OUTPUT -p tcp -d github.com -j ACCEPT
# Ubuntu updates
iptables -A OUTPUT -p tcp -d ubuntu.com -j ACCEPT
iptables -A OUTPUT -p tcp -d ca.archive.ubuntu.com -j ACCEPT
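# Drop all other outbound web traffic (TCP ports 80 and 443 only;
# UDP and other TCP ports are not restricted by this script)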
iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP
# If I need SSH in
# iptables -A INPUT -p tcp -s 10.0.3.1 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 22 -j DROP
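
A static check for an allowlist written this way, as an added example that is not part of the original gist: it flags `-d` hostnames (pinned to whatever addresses DNS returned when the rule was loaded), repeated rules, and a TCP/443 drop with no matching UDP/443 drop, which leaves HTTP/3 (QUIC) egress open. The function name `audit_rules`, the finding labels and the sample rules are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the gist): static audit of an iptables allowlist.
# Reads rule lines on stdin and prints one finding per line.
audit_rules() {
  awk '
    $1 != "iptables" { next }            # skip shebang, comments, blank lines
    {
      chain = proto = dst = dport = target = ""
      for (i = 2; i < NF; i++) {
        if      ($i == "-A")      chain  = $(i + 1)
        else if ($i == "-p")      proto  = $(i + 1)
        else if ($i == "-d")      dst    = $(i + 1)
        else if ($i == "--dport") dport  = $(i + 1)
        else if ($i == "-j")      target = $(i + 1)
      }
      if (seen[$0]++) {
        # Exact repeat of an earlier rule: adds nothing to the policy.
        print "duplicate " (dst != "" ? dst : $0)
      } else if (dst ~ /[A-Za-z]/ && dst !~ /:/) {
        # Hostname destination: resolved once at load time, then fixed.
        print "hostname " dst
      }
      if (chain == "OUTPUT" && dport == "443" && target == "DROP") {
        if (proto == "tcp") tcp443 = 1
        if (proto == "udp") udp443 = 1
      }
    }
    # HTTPS over TCP is dropped but QUIC over UDP/443 is still allowed out.
    END { if (tcp443 && !udp443) print "gap udp/443" }
  '
}

# Constructed sample in the style of the rules above, with one repeated rule.
SAMPLE_RULES='iptables -A OUTPUT -p tcp -d github.com -j ACCEPT
iptables -A OUTPUT -p tcp -d gv1.com -j ACCEPT
iptables -A OUTPUT -p tcp -d gv1.com -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP'

printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

To audit a real script, pipe the file into the function, e.g. `audit_rules < firewall.sh` (the file name is a placeholder).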