mjmunger/gist:0ee176b88ce403d743bfad6129878f37

## gistfile1.txt
#!/bin/bash

#Default deny
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

#Allow established sessions
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

#Allow localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#Allow tcp/80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

#Allow tcp/443 (HTTPS)
iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

#Allow SSH on our random port
iptables -A INPUT -p tcp --dport 32637  -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
	#!/bin/bash

	#Default deny
	iptables -P INPUT DROP
	iptables -P FORWARD DROP
	iptables -P OUTPUT ACCEPT

	#Allow established sessions
	iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

	#Allow localhost
	iptables -A INPUT -i lo -j ACCEPT
	iptables -A OUTPUT -o lo -j ACCEPT

	#Allow tcp/80 (HTTP)
	iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

	#Allow tcp/443 (HTTPS)
	iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

	#Allow SSH on our random port
	iptables -A INPUT -p tcp --dport 32637 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT