@arekgotfryd
Last active March 3, 2019 16:43
BSK Lab1 firewall.sh
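# Flush the existing filter rules, then default-deny in every direction.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# icmp: allow outbound ping and its replies; inbound echo-requests stay dropped
iptables -A OUTPUT -o eno16777728 --proto icmp -m icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i eno16777728 --proto icmp -m icmp --icmp-type echo-reply -j ACCEPT
# dns: outbound UDP queries and their replies.
# ESTABLISHED is included on OUTPUT so a query sent on an already-tracked flow is not dropped.
iptables -A OUTPUT -o eno16777728 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eno16777728 -p udp -m udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
# ssh: inbound sessions from any source
iptables -A INPUT -i eno16777728 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eno16777728 -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
# ssh particular host allowed
# The any-source pair above already matches this traffic, so these two rules
# restrict SSH to 100.120.12.10 only when the any-source pair is removed.
iptables -A INPUT -i eno16777728 -p tcp -m tcp --dport 22 -s 100.120.12.10 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eno16777728 -p tcp -m tcp --sport 22 -d 100.120.12.10 -m state --state ESTABLISHED -j ACCEPT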