Skip to content

Instantly share code, notes, and snippets.

@insdavm

insdavm/iptables.rules

Created December 24, 2018 15:44
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save insdavm/2c0088cdc944ec0343a7ea42799c0a44 to your computer and use it in GitHub Desktop.
Save insdavm/2c0088cdc944ec0343a7ea42799c0a44 to your computer and use it in GitHub Desktop.
Download ZIP
Stateful firewall for laptop/personal computer that isn't running any services like HTTP or SSH
Raw
iptables.rules
# Generated by iptables-save v1.8.2 on Mon Dec 24 10:42:19 2018
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [6:852]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
COMMIT
# Completed on Mon Dec 24 10:42:19 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment