Last active
September 30, 2018 06:16
-
-
Save mrhyde/f60e9bba74f1b5c0d437 to your computer and use it in GitHub Desktop.
Basic iptables rules for web server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # flush all chains | |
| iptables -F | |
| iptables -X | |
| # set the default policy for each of the pre-defined chains | |
| iptables -P INPUT DROP | |
| iptables -P OUTPUT ACCEPT | |
| iptables -P FORWARD DROP | |
| # accept anything on localhost | |
| iptables -A INPUT -i lo -j ACCEPT | |
| iptables -A OUTPUT -o lo -j ACCEPT | |
| # allow traffic once a connection has been made | |
| iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| # syn flod protection | |
| iptables -N SYN_FLOOD | |
| iptables -A INPUT -p tcp --syn -j SYN_FLOOD | |
| iptables -A SYN_FLOOD -m limit --limit 5/s --limit-burst 10 -j RETURN | |
| iptables -A SYN_FLOOD -j DROP | |
| # accept anything on ssh port | |
| iptables -A INPUT -p tcp --dport ssh -j ACCEPT | |
| # accept anything on glink port | |
| iptables -A INPUT -p tcp --dport 80 -j ACCEPT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment