Last active January 10, 2023 02:41
Basic firewall (iptables) script for CentOS with openings for SSH, HTTP and HTTPS
# see
# Set the default policies to allow everything while we set up new rules
# Prevents cutting yourself off when running from remote SSH
iptables -P INPUT ACCEPT
# Flush any existing rules, leaving just the defaults
iptables -F
# Open port 22 for incoming SSH connections
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Open port 80 for incoming HTTP requests
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Open port 443 for incoming HTTPS requests
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# open port 8080 for Oracle XDB/EPG (uncomment if required)
#iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# open port 1521 for SQL*Net (uncomment if required)
# NOTE: this is not needed for a web server, but can be useful for a dev environment
# replace CLIENT_IP (a placeholder) with your own client IP address
#iptables -A INPUT -p tcp --dport 1521 -s CLIENT_IP -j ACCEPT
# *** Put any additions to the INPUT chain here
# *** End of additions to INPUT chain
# accept any localhost (loopback) calls
iptables -A INPUT -i lo -j ACCEPT
# allow any existing connection to remain
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# reset the default policies to stop all incoming and forward requests
iptables -P INPUT DROP
iptables -P FORWARD DROP
# accept any outbound requests from this server
iptables -P OUTPUT ACCEPT
# save the settings
service iptables save
# display the settings
iptables -L -v --line-numbers

Thank you. Does it secure and block any open port?

As you can see from the comments in the script, all incoming requests are blocked except those on specific ports.
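
One way to check that claim on a running host, as an added example that is not part of the gist or of the replies: the hypothetical helper `audit_input_rules` reads `iptables -S INPUT` output and compares every ACCEPT rule with a port allowlist. The sample rules are constructed to match what the script above would leave in place.

```shell
# Usage: iptables -S INPUT | audit_input_rules "22 80 443"
# Returns 0 if the policy is DROP and every ACCEPT rule is expected, else 1.
audit_input_rules() {
    allowed=" $1 "
    policy=""; status=0
    while IFS= read -r rule; do
        case "$rule" in
            "-P INPUT "*) policy=${rule#"-P INPUT "}; continue ;;
            "-A INPUT "*"-j ACCEPT") ;;   # only ACCEPT rules open anything
            *) continue ;;
        esac
        # Collect the value of --dport (or multiport --dports), if present.
        ports=""
        set -- $rule
        while [ $# -gt 1 ]; do
            case "$1" in --dport|--dports) ports=$2 ;; esac
            shift
        done
        if [ -z "$ports" ]; then
            case "$rule" in
                *" -i lo "*|*ESTABLISHED*) ;;   # loopback / return traffic
                *) echo "FAIL accepts every port: $rule"; status=1 ;;
            esac
            continue
        fi
        for port in $(echo "$ports" | tr ',' ' '); do
            case "$allowed" in
                *" $port "*) echo "OK   port $port is on the allowlist" ;;
                *) echo "FAIL unexpected open port $port"; status=1 ;;
            esac
        done
    done
    [ "$policy" = "DROP" ] || { echo "FAIL INPUT policy is '${policy:-unset}'"; status=1; }
    return "$status"
}

# Constructed sample: `iptables -S INPUT` output after running the gist's script.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}
sample_rules | audit_input_rules "22 80 443"
```

Port ranges such as `8000:8080` are compared as a single token, so they fail unless the allowlist contains that exact string.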

For a secure server, is just controlling iptables enough?

This is an old article, but still useful for an overview of how to secure your Linux server:
