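#!/usr/bin/env bash
# Lock down a freshly built server's IPv4 INPUT chain: loopback, already
# established traffic, the local subnet and a short list of admin addresses
# get in; everything else is rejected unless published in PUBLIC_SERVICES.
#
# Edit the variables in the "edit me" section, then run as root. The script
# refuses to run until ADMIN_IPS is filled in, and aborts on the first
# failing iptables call (set -e): the original template kept going, so a typo
# in the whitelist rule still ended with the final REJECT and locked the
# operator out on the next connection.
#
# Caveats this script does NOT handle:
#   * IPv4 only. ip6tables is untouched, so if the host has a global IPv6
#     address every service stays reachable over v6. Mirror these rules with
#     ip6tables (allowing icmpv6, which neighbour discovery needs) or disable
#     IPv6 on the host.
#   * Rules are appended (-A) after whatever INPUT already contains, so an
#     earlier permissive rule still wins. Inspect `iptables -S INPUT` first;
#     running this twice appends duplicates.
#   * Nothing is persisted. Save with iptables-save / netfilter-persistent or
#     the rules disappear at reboot.
#   * The catch-all is a REJECT rule rather than a DROP chain policy, so
#     flushing the chain reopens the host.
set -euo pipefail

# --- edit me ---------------------------------------------------------------
# Subnet that may open NEW connections to anything (10.20.30.0/24 is an example).
LOCAL_SUBNET=10.20.30.0/24
# Addresses outside LOCAL_SUBNET allowed to open NEW connections to anything
# (your own public IPs). At least one entry is required.
ADMIN_IPS=()
# Services exposed to the public, as "proto:port" or "proto:port:source"
# (e.g. tcp:80, tcp:443, udp:53:203.0.113.0/24). The optional third field
# restricts the service to that source address or network.
PUBLIC_SERVICES=()
# ---------------------------------------------------------------------------

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "iptables needs root; re-run with sudo"
(( ${#ADMIN_IPS[@]} > 0 )) || die "fill in ADMIN_IPS first or you will lose remote access"

# Allow localhost traffic.
iptables -A INPUT -i lo -j ACCEPT
# INVALID packets are dropped regardless of source.
iptables -A INPUT -m state --state INVALID -j DROP
# Keep already-running connections alive. This is what keeps the current SSH
# session up even if a later rule is wrong, so it stays near the top.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# All new connections from the local subnet.
iptables -A INPUT -m state --state NEW -s "$LOCAL_SUBNET" -j ACCEPT
# New connections from each whitelisted admin address.
for admin_ip in "${ADMIN_IPS[@]}"; do
  iptables -A INPUT -m state --state NEW -s "$admin_ip" -j ACCEPT
done
# Publicly reachable services. The ${arr[@]+...} form keeps an empty array
# from tripping set -u on bash < 4.4.
for svc in ${PUBLIC_SERVICES[@]+"${PUBLIC_SERVICES[@]}"}; do
  IFS=: read -r proto port src <<<"$svc"
  [[ -n "$proto" && -n "$port" ]] || die "bad PUBLIC_SERVICES entry '$svc' (want proto:port[:source])"
  rule=(-p "$proto" --dport "$port" -m state --state NEW)
  if [[ -n "${src:-}" ]]; then
    rule+=(-s "$src")
  fi
  iptables -A INPUT "${rule[@]}" -j ACCEPT
done
# Everything else is rejected. This must stay last: the chain is evaluated in
# order and no rule appended after it is ever reached.
iptables -A INPUT -j REJECT --reject-with icmp-host-unreachable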
Created
November 16, 2022 17:20
Lock down new server network