@notslang
Last active October 28, 2021 20:15
# delete existing rules
iptables -F
# drop all traffic not explicitly allowed
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# allow ping from inside
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
# allow ping from outside
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# allow DNS connections (--dport / --sport take two dashes; "-dport" is parsed as "-d port")
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
# allow outbound HTTP: this host opens the connection (NEW), and only replies
# to it are let back in (ESTABLISHED). Accepting NEW on INPUT matched by
# --sport would let any remote host reach any local port by choosing source port 80.
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
# allow outbound HTTPS
iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
# allow outbound SSH
iptables -A OUTPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
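The easiest way to see whether a ruleset like the one above has the "accept NEW on INPUT keyed only by source port" mistake is to audit the output of `iptables-save`. The following is an added example, not part of the gist: a small POSIX shell audit function run over a constructed `iptables-save`-style dump (the `SAMPLE_DUMP` content is made up for this example; only the line with `--sport 80` and state `NEW,ESTABLISHED` should be reported). It recognises both `-m state --state` and `-m conntrack --ctstate` spellings.

```shell
#!/bin/sh
# Added example (not from the gist): flag INPUT rules that ACCEPT state NEW
# while matching only on --sport. Such rules let any remote host open a
# connection to any local port simply by using that source port.

# Constructed sample in iptables-save format; not captured from a real host.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT'

# Read an iptables-save dump on stdin and print every offending INPUT rule.
# Exit status is 1 when at least one rule was printed, 0 otherwise.
audit_sport_new() {
  awk '
    /^-A INPUT / && /-j ACCEPT/ && /--sport/ && !/--dport/ &&
    /--(state|ctstate) [A-Z,]*NEW/ { print; found = 1 }
    END { exit found ? 1 : 0 }
  '
}

# Convenience wrapper: number of offending rules in the dump passed as $1.
count_sport_new() {
  printf '%s\n' "$1" | audit_sport_new | wc -l | tr -d ' '
}

# Usage on a live system (needs root): iptables-save | audit_sport_new
```

The `!/--dport/` guard keeps genuine server rules (which match the local destination port) out of the report, and `[A-Z,]*NEW` catches NEW wherever it sits in a comma-separated state list.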