Created October 3, 2008 16:19
#!/bin/sh
# Remove all rules and user-defined chains from the filter table
iptables -F
iptables -X
# Set the default policies first, and set them to ACCEPT: while the ruleset
# is half built, nothing can lock out the session running this script
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Create two user-defined chains; keeping the rules there makes the script easy to read
iptables -N FIREWALL
iptables -N TRUSTED
# Allow incoming packets that belong to a connection we already have (ESTABLISHED)
# or that are related to one, such as ICMP errors (RELATED).
# -m state is the older spelling of -m conntrack --ctstate; both work.
iptables -A FIREWALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow loopback traffic
iptables -A FIREWALL -i lo -j ACCEPT
# Hand every remaining packet to the TRUSTED chain
iptables -A FIREWALL -j TRUSTED
# DROP whatever TRUSTED did not accept
iptables -A FIREWALL -j DROP
# Services open to the world: SSH and HTTP on eth0.
# These are added before INPUT is pointed at FIREWALL; otherwise there is a short
# window in which TRUSTED is empty and every new connection is dropped
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
# Send all INPUT packets through the FIREWALL chain
iptables -A INPUT -j FIREWALL
# DROP all forwarded packets; this host does not route for others in this example
iptables -A FORWARD -j DROP
Resulting ruleset, as shown by iptables -L -v -n (packet and byte counters are from the live host):

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  12M 1058M FIREWALL   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 7722K packets, 27G bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FIREWALL (1 references)
 pkts bytes target     prot opt in     out     source               destination
  11M 1017M ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 330K   30M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 199K   11M TRUSTED    all  --  *      *       0.0.0.0/0            0.0.0.0/0
 5373  243K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain TRUSTED (1 references)
 pkts bytes target     prot opt in     out     source               destination
  176 10536 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
 194K   11M ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
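The script above applies its rules one iptables call at a time, so the kernel sees a series of intermediate rulesets, and a typo halfway through leaves the host in whichever state the last successful call produced. The following is an added example, not part of the gist: it builds the same policy (FIREWALL and TRUSTED chains, ESTABLISHED/RELATED and loopback accepted, SSH and HTTP on eth0, everything else dropped) as an iptables-restore ruleset, which the kernel commits as a single transaction, and applies it behind a confirm-or-revert timer so a mistake cannot lock you out of SSH. It assumes the interface name eth0, that iptables-save and iptables-restore (with --test) are installed, that it runs as root for apply and confirm, and a state file under /tmp; the FORWARD policy is set to DROP instead of appending a DROP rule, and the state match is written as -m conntrack --ctstate.

```shell
#!/bin/sh
# Added example: atomic, lockout-safe version of the gist's firewall script.
# Assumptions (not from the gist): interface eth0, ports 22 and 80, root for
# apply/confirm, iptables-restore --test available, state kept under /tmp.

IFACE="${IFACE:-eth0}"
TRUSTED_TCP_PORTS="${TRUSTED_TCP_PORTS:-22 80}"
INPUT_POLICY="${INPUT_POLICY:-ACCEPT}"   # gist uses ACCEPT; DROP fails closed
ROLLBACK_SECS="${ROLLBACK_SECS:-60}"
STATE_DIR="${TMPDIR:-/tmp}"

# Emit the ruleset in iptables-restore format. iptables-restore replaces the
# whole filter table in one commit, so there is no moment where TRUSTED is
# empty and new SSH connections are dropped, and a syntax error in any line
# rejects the entire ruleset instead of leaving a half-applied one.
gen_rules() {
    cat <<EOF
*filter
:INPUT ${INPUT_POLICY} [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FIREWALL - [0:0]
:TRUSTED - [0:0]
-A INPUT -j FIREWALL
-A FIREWALL -i ${IFACE} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FIREWALL -i lo -j ACCEPT
-A FIREWALL -j TRUSTED
-A FIREWALL -j DROP
EOF
    for p in $TRUSTED_TCP_PORTS; do
        printf '%s\n' "-A TRUSTED -i ${IFACE} -p tcp --dport ${p} -j ACCEPT"
    done
    echo COMMIT
}

# Save the live ruleset, syntax-check the new one without committing it,
# commit it, then start a background timer that restores the saved ruleset
# unless confirm_rules is run within ROLLBACK_SECS. This is the mechanism
# behind iptables-apply(8), written out so the steps are visible.
apply_with_rollback() {
    backup="$STATE_DIR/iptables.rollback"
    iptables-save > "$backup" || return 1
    gen_rules | iptables-restore --test || {
        echo "ruleset rejected by iptables-restore --test; nothing changed" >&2
        return 1
    }
    gen_rules | iptables-restore || return 1
    (
        sleep "$ROLLBACK_SECS"
        # confirm_rules deletes the backup; if it is still here, nobody confirmed
        [ -f "$backup" ] && iptables-restore < "$backup" && echo "rolled back" >&2
    ) &
    echo "$!" > "$backup.pid"
    echo "applied; run '$0 confirm' within ${ROLLBACK_SECS}s or the old ruleset returns" >&2
}

# Cancel the rollback once a fresh SSH connection has been verified to work.
confirm_rules() {
    backup="$STATE_DIR/iptables.rollback"
    [ -f "$backup.pid" ] && kill "$(cat "$backup.pid")" 2>/dev/null
    rm -f "$backup" "$backup.pid"
}

case "${1:-}" in
    show)    gen_rules ;;
    apply)   apply_with_rollback ;;
    confirm) confirm_rules ;;
esac
```

Run `sh firewall.sh show` to review the generated ruleset, `sudo sh firewall.sh apply` from your existing SSH session, open a second SSH connection to prove port 22 still works, then `sudo sh firewall.sh confirm`; if the second connection fails, do nothing and the old ruleset comes back after the timer. Setting INPUT_POLICY=DROP makes the table fail closed if the `-A INPUT -j FIREWALL` hook is ever removed, at the cost of the gist's "ACCEPT while building" safety, which the atomic commit makes unnecessary. Everything here affects IPv4 only; a host with IPv6 needs the same rules through ip6tables-restore, and conntrack also supplies the ICMPv6 RELATED traffic that IPv6 depends on.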