@black23
Created December 2, 2015 20:50
#!/bin/sh
# Flush all existing rules in the filter table so we start from a clean state
# (note: -F removes rules but does not reset the chain policies set below)
iptables -F
# Allow established connections (the responses to our outgoing traffic)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH from anywhere
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
# Default policy: drop 'everything' incoming or forwarded, but allow our output to the internet
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Allow local programs that talk to each other over the loopback interface
# (e.g. services connecting to 127.0.0.1)
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
# Uncomment this line to allow incoming SSH/SCP connections to this machine
# only for traffic from 10.20.0.2 (you can also use a network definition as
# source, like 10.20.0.0/22).
# iptables -A INPUT -s 10.20.0.2 -p tcp --dport 22 -m state --state NEW -j ACCEPT
# This line allows access to port 8443 only from the IP of cpk-front.mzk.cz
iptables -A INPUT -s 195.113.155.74 -p tcp --dport 8443 -j ACCEPT
# default http port
#iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
# default https port
#iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
# More can be found at http://doc.norang.ca/iptables.html or at https://wiki.debian.org/iptables
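Before loading a ruleset like this on a remote host, it is worth checking what the INPUT chain will do with a few representative packets, since the first matching rule wins and anything unmatched falls through to the DROP policy. The following Python model of that first-match behaviour is an added example, not part of the gist; the rule list and policy are transcribed from the script above, while the packets (client 1.2.3.4, host address 10.0.0.5, interface eth0) are constructed test inputs.

```python
import ipaddress

# INPUT rules transcribed from the gist, in the order the script appends them.
# A key absent from a rule means "match anything" for that field.
INPUT_RULES = [
    {"state": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"},
    {"state": {"NEW"}, "proto": "tcp", "dport": 22, "target": "ACCEPT"},
    {"src": "127.0.0.0/8", "dst": "127.0.0.0/8", "iface": "lo", "target": "ACCEPT"},
    {"src": "195.113.155.74/32", "proto": "tcp", "dport": 8443, "target": "ACCEPT"},
]
INPUT_POLICY = "DROP"  # from: iptables -P INPUT DROP

def rule_matches(rule, pkt):
    """Every criterion the rule specifies must hold for the packet."""
    for key in ("proto", "dport", "iface"):
        if key in rule and pkt[key] != rule[key]:
            return False
    if "state" in rule and pkt["state"] not in rule["state"]:
        return False
    for key in ("src", "dst"):
        if key in rule and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(rule[key]):
            return False
    return True

def verdict(pkt, rules=INPUT_RULES, policy=INPUT_POLICY):
    """First matching rule decides; if none matches, the chain policy applies."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["target"]
    return policy

def packet(src, dport, state="NEW", proto="tcp", dst="10.0.0.5", iface="eth0"):
    """Constructed test packet; 10.0.0.5 and eth0 stand in for the host's address and NIC."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport, "state": state, "iface": iface}

if __name__ == "__main__":
    # Constructed sample traffic (1.2.3.4 is an arbitrary remote client).
    cases = [
        ("SSH from a remote client", packet("1.2.3.4", 22)),
        ("8443 from cpk-front.mzk.cz", packet("195.113.155.74", 8443)),
        ("8443 from anyone else", packet("1.2.3.4", 8443)),
        ("reply to our own outgoing connection", packet("1.2.3.4", 54321, state="ESTABLISHED")),
        ("new inbound HTTPS (rule commented out)", packet("1.2.3.4", 443)),
        ("local service over loopback", packet("127.0.0.1", 8080, dst="127.0.0.1", iface="lo")),
        ("spoofed 127.0.0.1 arriving on eth0", packet("127.0.0.1", 8080, dst="127.0.0.1")),
    ]
    for label, pkt in cases:
        print(f"{label:40} -> {verdict(pkt)}")
```

The model covers only the matches this script uses (state, protocol, destination port, interface, source and destination address); it is a sanity check of rule order and policy, not a replacement for testing on the host.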