Gist mjmunger/0ee176b88ce403d743bfad6129878f37, created August 11, 2017 01:19
iptables settings for eCommerce (Only)
```bash
#!/bin/bash
# Default deny: drop inbound and forwarded traffic, allow all outbound
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Allow established sessions (replies to connections already being tracked)
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow localhost (loopback interface)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow tcp/80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# Allow tcp/443 (HTTPS)
iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# Allow SSH on our random port
iptables -A INPUT -p tcp --dport 32637 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
```
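To confirm that a host still matches the policy this script sets, the following added example (not part of the original gist) audits `iptables -S` output for DROP policies and for ACCEPT rules outside ports 80, 443 and 32637. The names `audit_ruleset` and `ALLOWED_PORTS` are hypothetical, and both rule listings are constructed samples.

```bash
# Added example: check `iptables -S` output against the policy the script intends.
ALLOWED_PORTS="80 443 32637"   # the three ports opened by the script above

# Reads `iptables -S` text on stdin; prints findings; exit status 0 = matches.
audit_ruleset() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "-P" && ($2 == "INPUT" || $2 == "FORWARD") {
      seen[$2] = 1
      if ($3 != "DROP") { print "FAIL: policy " $2 " is " $3; bad = 1 }
      next
    }
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
      port = ""; lo = 0; state = ""
      for (i = 3; i < NF; i++) {
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-i" && $(i + 1) == "lo") lo = 1
        if ($i == "--ctstate") state = $(i + 1)
      }
      if (port != "") {
        if (!(port in ok)) { print "FAIL: unexpected open port: " $0; bad = 1 }
      } else if (!lo && state != "RELATED,ESTABLISHED") {
        # Fails closed: multiport or port-less ACCEPT rules are reported too.
        print "FAIL: ACCEPT not tied to an allowed port: " $0; bad = 1
      }
    }
    END {
      if (!seen["INPUT"] || !seen["FORWARD"]) { print "FAIL: policy line missing"; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: `iptables -S` output expected after the script has run.
GOOD_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32637 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT'
# Constructed drift: a database port later opened to every source address.
DRIFTED_RULES="$GOOD_RULES
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT"

printf '%s\n' "$GOOD_RULES" | audit_ruleset && echo "OK: ruleset matches policy"
printf '%s\n' "$DRIFTED_RULES" | audit_ruleset || echo "ruleset has drifted"
# On a live host (as root): iptables -S | audit_ruleset
```

The script configures IPv4 only, so IPv6 filtering is a separate ruleset; the same check can be run over `ip6tables -S` output.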