Last active
August 29, 2015 14:15
-
-
Save merouanekhalili/4f06437c7f3b955edfba to your computer and use it in GitHub Desktop.
iptables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Vider les tables actuelles | |
| iptables -t filter -F | |
| # Vider les règles personnelles | |
| iptables -t filter -X | |
| # Interdire toute connexion entrante et sortante | |
| iptables -t filter -P INPUT DROP | |
| iptables -t filter -P FORWARD DROP | |
| iptables -t filter -P OUTPUT DROP | |
| # --- | |
| # Ne pas casser les connexions etablies | |
| iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| # Autoriser loopback | |
| iptables -t filter -A INPUT -i lo -j ACCEPT | |
| iptables -t filter -A OUTPUT -o lo -j ACCEPT | |
| # ICMP (Ping) | |
| iptables -t filter -A INPUT -p icmp -j ACCEPT | |
| iptables -t filter -A OUTPUT -p icmp -j ACCEPT | |
| # --- | |
| # SSH In | |
| iptables -t filter -A INPUT -p tcp --dport 3232 -j ACCEPT | |
| # SSH Out | |
| iptables -t filter -A OUTPUT -p tcp --dport 3232 -j ACCEPT | |
| # DNS In/Out | |
| iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT | |
| iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT | |
| iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT | |
| # NTP Out | |
| iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT | |
| # HTTP + HTTPS Out | |
| iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p tcp --dport 7071 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT | |
| # HTTP + HTTPS In | |
| iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT | |
| iptables -t filter -A INPUT -p tcp --dport 7071 -j ACCEPT | |
| iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT | |
| iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT | |
| # FTP Out | |
| iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT | |
| # FTP In | |
| modprobe ip_conntrack_ftp # ligne facultative avec les serveurs OVH | |
| iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT | |
| iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| # Mail SMTP:25 | |
| iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT | |
| # Mail SMTP:443 | |
| iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT | |
| # Mail SMTP:465 | |
| iptables -t filter -A INPUT -p tcp --dport 465 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p tcp --dport 465 -j ACCEPT | |
| # Mail SMTP:587 | |
| iptables -t filter -A INPUT -p tcp --dport 587 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT | |
| # Mail POP3:110 | |
| iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT | |
| # Mail IMAP:143 | |
| iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT | |
| # Mail IMAP:993 | |
| iptables -t filter -A INPUT -p tcp --dport 993 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p tcp --dport 993 -j ACCEPT | |
| # Mail POP3S:995 | |
| iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p tcp --dport 995 -j ACCEPT | |
| # Mail POP3S:9071 | |
| iptables -t filter -A INPUT -p tcp --dport 9071 -j ACCEPT | |
| iptables -t filter -A OUTPUT -p tcp --dport 9071 -j ACCEPT | |
| # Monit | |
| iptables -t filter -A INPUT -p tcp --dport 8888 -j ACCEPT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment