@iBaozi
Forked from x1a0/firewall.sh
Created December 10, 2013 01:03
#! /bin/bash
# Set the default policies to allow everything while we set up new rules.
# Prevents cutting yourself off when running from remote SSH.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Flush any existing rules in the filter table, leaving just the defaults.
iptables -F
# Accept any localhost (loopback) calls.
iptables -A INPUT -i lo -j ACCEPT
# Allow any existing connection to remain. Placed early so established
# traffic is accepted before the per-port rules are evaluated.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Open port 22 for incoming SSH connections.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Open 80 & 443
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# SMTP
#iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# POP3
#iptables -A INPUT -p tcp --dport 110 -j ACCEPT
# IMAP
#iptables -A INPUT -p tcp --dport 143 -j ACCEPT
# IMAPS
#iptables -A INPUT -p tcp --dport 993 -j ACCEPT
# POP3S
#iptables -A INPUT -p tcp --dport 995 -j ACCEPT
#
# Other rules...
#
# Allow ping: inbound echo-request (ICMP type 8). The echo-reply (type 0)
# rule on OUTPUT is redundant while the OUTPUT policy is ACCEPT, but it is
# kept so the intent survives if the OUTPUT policy is later tightened.
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Reset the default policies to stop all incoming and forward requests.
iptables -P INPUT DROP
iptables -P FORWARD DROP
# Accept any outbound requests from this server.
iptables -P OUTPUT ACCEPT
# Save the settings. This must run only after every rule above has been
# added; anything appended after the save is lost on the next reload.
service iptables save
# Display the settings.
iptables -L -v --line-numbers
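The script above builds its posture in steps, and the first comment hints at the failure mode a defender cares about: if the run is interrupted after the flush but before the DROP policies are set, the host is left wide open. The following audit script is an added example, not part of this gist or of the forked original. It checks an `iptables-save` style dump for the properties the script is meant to establish (DROP policies on INPUT and FORWARD, loopback and ESTABLISHED traffic accepted, SSH reachable so you are not locked out, and no TCP port open beyond an allowlist). The two dumps embedded in it are constructed samples, and all function names are my own.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the posture the firewall
# script intends. Not part of the original gist. The dumps below are
# constructed samples, not captured from a real host.

SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# Constructed "interrupted run" dump: INPUT policy still ACCEPT, no
# ESTABLISHED rule, and an extra port that the allowlist does not cover.
BAD_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT'

# Return 0 if chain $2 in dump $1 has default policy $3 (e.g. INPUT DROP).
chain_policy_is() {
    printf '%s\n' "$1" | grep -q "^:$2 $3 "
}

# Return 0 if dump $1 has an INPUT rule accepting TCP port $2.
tcp_port_open() {
    printf '%s\n' "$1" | grep -q "^-A INPUT -p tcp .*--dport $2 -j ACCEPT"
}

# Print every TCP port accepted on INPUT, one per line, numerically sorted.
open_tcp_ports() {
    printf '%s\n' "$1" | awk '/^-A INPUT -p tcp/ && /-j ACCEPT/ {
        for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
    }' | sort -n
}

# Return 0 if every open TCP port in dump $1 is in the space-separated
# allowlist $2; report the first unexpected port otherwise.
only_allowlisted_ports() {
    for p in $(open_tcp_ports "$1"); do
        case " $2 " in
            *" $p "*) ;;
            *) echo "unexpected open TCP port: $p" >&2; return 1 ;;
        esac
    done
    return 0
}

# Full audit of dump $1: 0 when it matches the intended posture.
audit_ruleset() {
    chain_policy_is "$1" INPUT DROP || { echo "INPUT policy is not DROP" >&2; return 1; }
    chain_policy_is "$1" FORWARD DROP || { echo "FORWARD policy is not DROP" >&2; return 1; }
    printf '%s\n' "$1" | grep -q '^-A INPUT -i lo -j ACCEPT' \
        || { echo "loopback traffic not accepted" >&2; return 1; }
    # iptables-save normalises the state list to RELATED,ESTABLISHED; accept both spellings.
    printf '%s\n' "$1" | grep -qE '^-A INPUT -m state --state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT' \
        || { echo "ESTABLISHED,RELATED rule missing" >&2; return 1; }
    tcp_port_open "$1" 22 || { echo "SSH (22) not accepted: remote lockout risk" >&2; return 1; }
    only_allowlisted_ports "$1" "22 80 443"
}

# Usage: `sh audit.sh` audits the constructed samples; `sh audit.sh --live`
# (as root) audits the running ruleset via iptables-save.
if [ "${1:-}" = "--live" ]; then
    LIVE_RULES=$(iptables-save 2>/dev/null) || { echo "iptables-save failed (run as root)" >&2; exit 1; }
    audit_ruleset "$LIVE_RULES" && echo "live ruleset: posture OK"
else
    audit_ruleset "$SAMPLE_RULES" && echo "constructed good sample: posture OK"
    if audit_ruleset "$BAD_RULES"; then
        echo "constructed bad sample: unexpectedly passed"
    else
        echo "constructed bad sample: rejected as intended"
    fi
fi
```

Running this right after the firewall script (or from cron) turns the script's intent into a check that fails loudly when the policy was never flipped to DROP or when an extra service has been exposed since the last review. Extend the allowlist argument in `audit_ruleset` if you uncomment the mail ports in the script.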