@iluwatar
Created November 19, 2014 19:35
Basic iptables firewall (CentOS 6)
#!/bin/bash
# Flush all current rules from iptables (-F removes rules only; chain policies are left as they were)
iptables -F
ip6tables -F
# Allow new inbound TCP connections on the service ports this host exposes:
# 22 SSH, 80 HTTP, 110 POP3, 143 IMAP, 993 IMAPS, 995 POP3S, 3306 MySQL
# (3306 is opened to every source here; restrict it with -s <net> if only local apps need it)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 110 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 143 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 993 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 995 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 3306 -j ACCEPT
# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT ACCEPT
# Set access for localhost
iptables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
# Accept packets belonging to established and related connections
# (note: with INPUT DROP and no ICMPv6 allow rule, IPv6 Neighbor Discovery is blocked, so IPv6 will not work)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Save settings
/sbin/service iptables save
/sbin/service ip6tables save
# List rules
iptables -L -v
ip6tables -L -v
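The gist above applies the rules directly, so mistakes (a forgotten ICMPv6 rule, the state rule appended last, a port opened to the world) are only noticed after the host is already changed. The script below is an added example, not the gist author's code: it generates the same kind of rule set from a port list, prints the commands in dry-run mode (the default, `DRY_RUN=1`) so they can be reviewed, applies them only when invoked with `apply`, puts the ESTABLISHED,RELATED rule before the per-port rules, and adds the ICMPv6 allow that ip6tables needs. The `run`, `build_rules` and `established_before_ports` names and the `DRY_RUN`/`TCP_PORTS` variables are this example's own assumptions; the `iptables`, `ip6tables` and `/sbin/service` commands are those used in the gist.

```shell
#!/bin/bash
# Added example (not the gist's script): generate and check an iptables/ip6tables
# INPUT ruleset before applying it.

DRY_RUN="${DRY_RUN:-1}"                               # 1 = print commands, 0 = execute them
TCP_PORTS="${TCP_PORTS:-22 80 110 143 993 995 3306}"  # same ports as the gist

# run: echo the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# build_rules <iptables|ip6tables>: emit (or apply) the ruleset for one tool.
build_rules() {
  tool="$1"
  run "$tool" -F
  run "$tool" -A INPUT -i lo -j ACCEPT
  # State rule first: nearly every packet matches here, and it keeps the
  # current SSH session alive once the DROP policy is set below.
  run "$tool" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  if [ "$tool" = "ip6tables" ]; then
    # IPv6 cannot function without ICMPv6 (Neighbor Discovery, PMTU).
    run "$tool" -A INPUT -p ipv6-icmp -j ACCEPT
  fi
  for p in $TCP_PORTS; do
    run "$tool" -A INPUT -p tcp --dport "$p" -j ACCEPT
  done
  # Policies last, as in the gist, so the accept rules exist before DROP takes effect.
  run "$tool" -P INPUT DROP
  run "$tool" -P FORWARD DROP
  run "$tool" -P OUTPUT ACCEPT
}

# established_before_ports: read rule lines on stdin, succeed (exit 0) only if
# the ESTABLISHED,RELATED rule comes before the first per-port ACCEPT rule.
established_before_ports() {
  awk '/ESTABLISHED,RELATED/ { est = NR }
       /--dport/ && !first { first = NR }
       END { exit !(est && first && est < first) }'
}

case "${1:-}" in
  apply)
    DRY_RUN=0
    build_rules iptables
    build_rules ip6tables
    run /sbin/service iptables save
    run /sbin/service ip6tables save
    ;;
  show)
    build_rules iptables
    build_rules ip6tables
    ;;
esac
```

Run it as `./fw.sh show` to review the generated commands (no root needed) and `./fw.sh apply` as root once they look right; the ordering check can be used in review with `DRY_RUN=1 build_rules ip6tables | established_before_ports`.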