Skip to content

Instantly share code, notes, and snippets.

@madwork

madwork/iptables-stop.sh

Created December 3, 2013 12:00
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save madwork/7768009 to your computer and use it in GitHub Desktop.
Save madwork/7768009 to your computer and use it in GitHub Desktop.
Download ZIP
My generic iptables rule set
Raw
iptables-stop.sh
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
Raw
iptables.sh
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -i eth0 -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set --name SSH
iptables -A INPUT -i eth0 -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -m conntrack --ctstate NEW -p tcp -m multiport --dports ssh,http,https -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-reply -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m limit --limit 10/s -j ACCEPT
iptables -A INPUT -i eth0 -j DROP
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment