Created
May 10, 2016 15:13
-
-
Save jpic/3074bfea70e288542900d2385641209f to your computer and use it in GitHub Desktop.
Logdrop iptable
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generated by iptables-save v1.4.21 on Tue May 10 17:03:12 2016 | |
| *filter | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD DROP [0:0] | |
| :OUTPUT ACCEPT [1228037347:3674412776210] | |
| :LOGDROP - [0:0] | |
| :TCP - [0:0] | |
| :UDP - [0:0] | |
| -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j LOGDROP | |
| -A INPUT -p udp -m conntrack --ctstate NEW -j UDP | |
| -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP | |
| -A INPUT -j LOGDROP | |
| -A LOGDROP -p tcp -m limit --limit 5/min -j LOG --log-prefix "Denied TCP: " --log-level 7 | |
| -A LOGDROP -p udp -m limit --limit 5/min -j LOG --log-prefix "Denied UDP: " --log-level 7 | |
| -A LOGDROP -p icmp -m limit --limit 5/min -j LOG --log-prefix "Denied ICMP: " --log-level 7 | |
| -A LOGDROP -j DROP | |
| -A TCP -p tcp -m tcp --dport 80 -j ACCEPT | |
| -A TCP -p tcp -m tcp --dport 443 -j ACCEPT | |
| -A TCP -p tcp -m tcp --dport 873 -j ACCEPT | |
| -A TCP -p tcp -m tcp --dport 2222 -j ACCEPT | |
| COMMIT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment