Created
December 12, 2010 21:41
Initial iptables configuration
#!/bin/sh
# Flush iptables rules (start with a clean slate where all traffic to all destinations is allowed).
# Note: -F removes the rules but leaves the chain default policies (-P) untouched, so the
# final catch-all REJECT rules below are what actually closes the box.
iptables -F
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Reject traffic destined for the whole loopback range (127.0.0.0/8) that does not arrive on lo
# (disabled; note the modern negation syntax is "! -i lo", not "-i ! lo")
# iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Allow all ESTABLISHED and RELATED connections to stay up
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all external hosts to be reachable from the box
iptables -A OUTPUT -j ACCEPT
# Allow PostgreSQL (port 5432) to accept connections
iptables -A INPUT -p tcp --dport 5432 -j ACCEPT
# Allow Apache (ports 80/443) to accept connections
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow new inbound SSH connections (don't forget this rule, or you can't log in!)
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Respond to pings (ICMP echo request)
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Reject all other INPUT/FORWARD traffic (must come last: rules appended after this are unreachable)
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
# Save these rules to be reloaded on boot (RHEL/CentOS-style init script; other distributions
# use iptables-save / iptables-persistent instead)
service iptables save
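The ordering of this ruleset is what makes it safe: every ACCEPT must sit before the final catch-all REJECT, and the SSH rule in particular must be there or remote access is lost. The following added example (not part of the gist) audits an `iptables -S INPUT` dump for exactly those properties: it confirms the chain is closed by a catch-all DROP/REJECT or a DROP policy, that required ports (SSH by default) are accepted before it, that nothing unreachable sits after it, and it flags any port accepted from any source that is not on an expected list (here the gist's PostgreSQL rule, which listens to the whole Internet). The two dumps are constructed to resemble what `iptables -S` prints for this script; the function names and the port lists are this example's own choices.

```python
"""Audit an `iptables -S INPUT` dump for ordering and exposure problems."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: what `iptables -S INPUT` prints after running the gist's script.
SAMPLE_GIST = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
"""

# Constructed sample of the classic mistake: SSH appended after the catch-all REJECT.
SAMPLE_LOCKOUT = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
"""


@dataclass
class Rule:
    raw: str
    target: Optional[str]
    proto: Optional[str]
    dport: Optional[str]   # kept as text so ranges like "6000:6010" survive
    selectors: int         # number of match options; 0 means the rule matches everything


def parse_chain(dump: str, chain: str = "INPUT") -> Tuple[Optional[str], List[Rule]]:
    """Return (default policy, rules) for one chain of an iptables -S dump."""
    policy, rules = None, []
    for line in dump.splitlines():
        tokens = line.split()
        if len(tokens) >= 3 and tokens[0] == "-P" and tokens[1] == chain:
            policy = tokens[2]
            continue
        if len(tokens) < 2 or tokens[0] != "-A" or tokens[1] != chain:
            continue
        body, target, proto, dport, selectors, i = tokens[2:], None, None, None, 0, 0
        while i < len(body):
            tok = body[i]
            if tok == "-j":                # everything after -j belongs to the target
                target = body[i + 1] if i + 1 < len(body) else None
                break
            if tok == "-m":                # "-m tcp" / "-m state" only loads a module
                i += 2
                continue
            if tok == "!":                 # negation prefix, not a selector by itself
                i += 1
                continue
            if tok.startswith("-"):        # any other option narrows what the rule matches
                value = body[i + 1] if i + 1 < len(body) else None
                selectors += 1
                if tok == "-p":
                    proto = value
                elif tok == "--dport":
                    dport = value
                i += 2
                continue
            i += 1
        rules.append(Rule(line, target, proto, dport, selectors))
    return policy, rules


def audit_input_chain(dump: str, required_ports=("22",),
                      expected_ports=("22", "80", "443")) -> List[str]:
    """Return a list of findings; an empty list means the chain looks sane."""
    policy, rules = parse_chain(dump, "INPUT")
    findings = []
    catch_all = next((n for n, r in enumerate(rules)
                      if r.selectors == 0 and r.target in ("DROP", "REJECT")), None)
    if catch_all is None and policy not in ("DROP", "REJECT"):
        findings.append(f"INPUT is wide open: no catch-all DROP/REJECT and policy is {policy}")
    live = rules if catch_all is None else rules[:catch_all]
    for port in required_ports:   # the "don't forget SSH" lockout check
        if not any(r.target == "ACCEPT" and r.dport == port for r in live):
            findings.append(f"port {port} is not accepted before the catch-all; remote access would be lost")
    for r in live:                # services exposed to any source that were not expected
        if r.target == "ACCEPT" and r.dport is not None and r.dport not in expected_ports:
            findings.append(f"port {r.dport}/{r.proto} accepted from any source: {r.raw}")
    if catch_all is not None:     # anything appended after the catch-all never matches
        for r in rules[catch_all + 1:]:
            findings.append(f"unreachable rule after catch-all: {r.raw}")
    return findings


if __name__ == "__main__":
    for name, dump in (("gist ruleset", SAMPLE_GIST), ("lockout ruleset", SAMPLE_LOCKOUT)):
        print(f"== {name}")
        for f in audit_input_chain(dump) or ["no findings"]:
            print("  -", f)
```

On a live host, feed it `iptables -S INPUT` output instead of the constructed samples; the gist's own ruleset produces one finding (5432 accepted from any source), which is the cue to restrict the PostgreSQL rule with `-s` to the application hosts or to drop it entirely if the database is only used locally.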