@kenperkins
Last active December 16, 2015 01:30
Baseline IPTABLES rules for running Devstack securely
# Generated by iptables-save v1.4.12 on Wed Apr 10 16:03:37 2013
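*filter
# Default policy: drop all inbound traffic that no rule below accepts.
:INPUT DROP [2:656]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:548]
# Loopback traffic is always allowed.
-A INPUT -i lo -j ACCEPT
# Allow replies to connections this host initiated.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Replace the placeholder with the address allowed to reach this box.
-A INPUT -s YOUR--IP-ADDRESS-HERE -j ACCEPT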
COMMIT

I've been doing a lot of devstack deployments to cloud instances, and someone managed to compromise a box (I received an email from Rackspace Abuse). I wasn't locking my boxes down, and so I assume that someone used the default devstack credentials to get into the box.

So from now on, I'm going to load the following iptables script into every box (output with iptables-save).

http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/

Read more on creating the perfect iptables ruleset.
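
One way to fill in the YOUR--IP-ADDRESS-HERE placeholder and load the ruleset without committing a broken file, as an added example that is not part of the original gist. The function names and the script name baseline.sh are hypothetical, 203.0.113.7 is a constructed documentation address, and iptables-restore is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example, not part of the gist. Renders the baseline ruleset for one
# admin source and loads it only if iptables-restore can parse it.

# valid_source ADDR: succeed for dotted-quad IPv4, optionally with /8../32.
# The /8 lower bound is this example's choice: wider masks reopen the box.
valid_source() {
    addr=${1%/*}
    case $1 in */*) mask=${1#*/} ;; *) mask=32 ;; esac
    case $mask in ''|*[!0-9]*) return 1 ;; esac
    [ "$mask" -ge 8 ] && [ "$mask" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split into octets; digits and dots only by now
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_rules ADDR: print the ruleset in iptables-save format on stdout.
render_rules() {
    valid_source "$1" || { echo "refusing source: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s $1 -j ACCEPT
COMMIT
EOF
}

# apply_rules ADDR: needs root. --test parses without committing anything.
apply_rules() {
    rules=$(render_rules "$1") || return 1
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore
}

# Usage: sh baseline.sh --apply 203.0.113.7   (constructed sample address)
if [ "${1:-}" = "--apply" ]; then
    apply_rules "${2:-}"
fi
```

Because INPUT defaults to DROP, an SSH session that is already open survives through the ESTABLISHED rule, but new connections from any other source are refused, so confirm the address before applying. iptables filters IPv4 only; IPv6 traffic is governed separately by ip6tables.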
