@henocdz
Last active December 22, 2015 16:45
Basic IP Tables Config for Nginx, Postgresql and Python/Django servers

GENERAL

Allow connection to SSH port (defaults to 22)

-A INPUT -p tcp --dport 22 -j ACCEPT

-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Drop all connections by default

-P INPUT DROP

The default policy should be changed only after we allow connections on the SSH port

Python/Django

Allow Private Network to connect on port 8000

-A INPUT -i eth1 -p tcp --destination-port 8000 -j ACCEPT

NFS Protocol

-A INPUT -i eth1 -p tcp --destination-port 2049 -j ACCEPT

-A INPUT -i eth1 -p udp --destination-port 2049 -j ACCEPT

Allow Ping from anywhere

-A INPUT -p icmp -j ACCEPT

Supervisor

Allow connection from localhost to supervisor port, for supervisorctl command

-A INPUT -i lo -p tcp --destination-port 9001 -j ACCEPT

Postgresql

-A INPUT -i eth1 -p tcp --destination-port 5432 -j ACCEPT

Redis

Allow incoming connections to Redis DB from Private Network, interface eth1

-A INPUT -i eth1 -p tcp --destination-port 6379 -j ACCEPT

Nginx

Allow connections to ports 80 and 443 (SSL) from public interface eth0

-A INPUT -i eth0 -p tcp --destination-port 80 -j ACCEPT

-A INPUT -i eth0 -p tcp --destination-port 443 -j ACCEPT
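
An added example, not part of the original gist: a shell lint that checks a rule list against the two conventions used above, namely that the DROP policy comes after the SSH accept rule and that the internal service ports (8000, 2049, 5432, 6379, 9001) are accepted only on eth1 or lo. The function name audit_rules and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: lint iptables rule lines written in the style used in this gist.
# audit_rules is a hypothetical helper; it reads files given as arguments or stdin.
# Exit status is 0 when nothing is flagged and 1 otherwise.
audit_rules() {
    awk '
    # Return the value following a flag such as -i or --dport, or "" if absent.
    function opt(flag,   i) {
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    BEGIN {
        # Ports the gist accepts only on eth1 (private network) or lo.
        split("8000 2049 5432 6379 9001", p, " ")
        for (k in p) internal[p[k]] = 1
    }
    # ACCEPT rules on the INPUT chain.
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        port = opt("--dport")
        if (port == "") port = opt("--destination-port")
        iface = opt("-i")
        if (port == "22") ssh_ok = 1
        # eth0 is the public interface in this gist; no -i means any interface.
        if ((port in internal) && (iface == "" || iface == "eth0")) {
            printf "line %d: port %s is not restricted to eth1/lo\n", NR, port
            bad++
        }
    }
    # The default policy must not switch to DROP before SSH is accepted.
    $1 == "-P" && $2 == "INPUT" && $3 == "DROP" && !ssh_ok {
        printf "line %d: DROP policy set before SSH is allowed\n", NR
        bad++
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample: policy set too early and Redis accepted on any interface.
printf '%s\n' \
    '-P INPUT DROP' \
    '-A INPUT -p tcp --dport 22 -j ACCEPT' \
    '-A INPUT -p tcp --destination-port 6379 -j ACCEPT' | audit_rules || true
```

Run it as `audit_rules rules.txt` on a file holding one rule per line, in the order the rules will be applied.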
