Last active
January 10, 2023 02:41
-
-
Save mortenbra/cbc3c175895d4ad107ba to your computer and use it in GitHub Desktop.
Basic firewall (iptables) script for CentOS with openings for SSH, HTTP and HTTPS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# see http://oracle-base.com/articles/linux/linux-firewall.php | |
# Set the default policies to allow everything while we set up new rules | |
# Prevents cutting yourself off when running from remote SSH | |
iptables -P INPUT ACCEPT | |
iptables -P FORWARD ACCEPT | |
iptables -P OUTPUT ACCEPT | |
# Flush any existing rules, leaving just the defaults | |
iptables -F | |
# Open port 22 for incoming SSH connections | |
iptables -A INPUT -p tcp --dport 22 -j ACCEPT | |
# Open port 80 for incoming HTTP requests | |
iptables -A INPUT -p tcp --dport 80 -j ACCEPT | |
# Open port 443 for incoming HTTPS requests | |
iptables -A INPUT -p tcp --dport 443 -j ACCEPT | |
# open port 8080 for Oracle XDB/EPG (uncomment if required) | |
#iptables -A INPUT -p tcp --dport 8080 -j ACCEPT | |
# open port 1521 for SQL*Net (uncomment if required) | |
# NOTE: this is not needed for a web server, but can be useful for a dev environment | |
# replace 1.2.3.4 with your own client IP address | |
#iptables -A INPUT -p tcp --dport 1521 -s 1.2.3.4 -j ACCEPT | |
# *** Put any additions to the INPUT chain here | |
# | |
# *** End of additions to INPUT chain | |
# accept any localhost (loopback) calls | |
iptables -A INPUT -i lo -j ACCEPT | |
# allow any existing connection to remain | |
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
# reset the default policies to stop all incoming and forward requests | |
iptables -P INPUT DROP | |
iptables -P FORWARD DROP | |
# accept any outbound requests from this server | |
iptables -P OUTPUT ACCEPT | |
# save the settings | |
service iptables save | |
# display the settings | |
iptables -L -v --line-numbers |
fore secure server just control ipTable is Enough ?
This is an old article, but still useful for an overview of how to secure your Linux server: https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As you can see from the comments in the script, all incoming requests are blocked except those on specific ports.