Last active January 10, 2023 02:41
Basic firewall (iptables) script for CentOS with openings for SSH, HTTP and HTTPS
# see
# Set the default policies to allow everything while we set up new rules
# Prevents cutting yourself off when running from remote SSH
iptables -P INPUT ACCEPT
# Flush any existing rules, leaving just the defaults
iptables -F
# Open port 22 for incoming SSH connections
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Open port 80 for incoming HTTP requests
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Open port 443 for incoming HTTPS requests
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# open port 8080 for Oracle XDB/EPG (uncomment if required)
#iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# open port 1521 for SQL*Net (uncomment if required)
# NOTE: this is not needed for a web server, but can be useful for a dev environment
# replace with your own client IP address
#iptables -A INPUT -p tcp --dport 1521 -s <your-client-ip> -j ACCEPT
# *** Put any additions to the INPUT chain here
# *** End of additions to INPUT chain
# accept any localhost (loopback) calls
iptables -A INPUT -i lo -j ACCEPT
# allow any existing connection to remain
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# reset the default policies to stop all incoming and forward requests
iptables -P INPUT DROP
iptables -P FORWARD DROP
# accept any outbound requests from this server
iptables -P OUTPUT ACCEPT
# save the settings
service iptables save
# display the settings
iptables -L -v --line-numbers
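
One way to confirm the script left the host in the intended state, as an added example that is not part of the original gist: it reads `iptables -S` output and reports any INPUT or FORWARD policy that is not DROP, and any TCP port open to all sources that is not on an expected list. The function name `audit_ruleset` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Audit `iptables -S` output against the ruleset the script above should produce.
# On a live host (as root):  iptables -S | audit_ruleset "22 80 443"

# Constructed sample: `iptables -S` output after running the script with the
# optional 8080 line uncommented.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Reads `iptables -S` text on stdin; $1 is the space-separated list of TCP
# ports expected to be open to any source. Prints one finding per line and
# returns non-zero if there is any finding.
audit_ruleset() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Default policies: INPUT and FORWARD must both end up as DROP
        $1 == "-P" && ($2 == "INPUT" || $2 == "FORWARD") {
            seen[$2] = 1
            if ($3 != "DROP") { print "policy " $2 " is " $3 ", expected DROP"; bad = 1 }
        }
        # ACCEPT rules on INPUT that match a destination port
        $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
            port = ""; src = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-s") src = 1
            }
            # A rule limited with -s (like the 1521 line) is not world-open
            if (port != "" && !src && !(port in ok)) {
                print "unexpected open port " port; bad = 1
            }
        }
        END {
            if (!seen["INPUT"]) { print "no INPUT policy line found"; bad = 1 }
            if (!seen["FORWARD"]) { print "no FORWARD policy line found"; bad = 1 }
            exit bad
        }'
}
```

Running it after every change to the INPUT chain catches both a script that stopped before the final `-P INPUT DROP` and an extra port left open by accident.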

This is an old article, but still useful for an overview of how to secure your Linux server:
