iptables example

gistfile1.sh

:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOG_PINGDEATH - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -f -j LOG --log-prefix "[IPTABLES FRAGMENT] : "
-A INPUT -f -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j LOG_PINGDEATH
-A INPUT -d 255.255.255.255 -j DROP
-A INPUT -d 224.0.0.1 -j DROP
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --dport 11111 -m state --state NEW -m recent --set --name SSH
-A INPUT -p tcp --dport 11111 -m state --state NEW -m recent --update --seconds 600 --hitcount 10 --rttl --name SSH -j LOG --log-prefix "SSH attack: "
-A INPUT -p tcp --dport 11111 -m state --state NEW -m recent --update --seconds 600 --hitcount 10 --rttl --name SSH -j DROP
-A INPUT -p tcp -m tcp --dport 11111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
-A LOG_PINGDEATH -m limit --limit 1/sec --limit-burst 4 -j ACCEPT
-A LOG_PINGDEATH -j LOG --log-prefix "[IPTABLES PINGDEATH] : "
-A LOG_PINGDEATH -j DROP
COMMIT