Securing your ETH node
```sh
#!/bin/sh
echo "Flush all rules"
# Flush all rules and user-defined chains in every table, then reset policies
# to ACCEPT so the script can be re-run safely before the DROP policy is set.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
echo "iptables INPUT DROP policy"
# Chains: new TCP and UDP connections are dispatched to these; anything they
# do not explicitly ACCEPT returns to INPUT and hits the DROP policy.
iptables -N TCP
iptables -N UDP
# Drop ALL
iptables -P INPUT DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
# Restore from ipset dump file; -! ignores "set already exists" on re-runs.
# The set must exist before the --match-set rule below is inserted.
ipset restore -f /home/username/ipset/whitelist.txt -!
# Open UDP ports (30303 is the Ethereum p2p discovery port)
iptables -A UDP -p udp --dport 30303 -j ACCEPT
# Open TCP ports
iptables -A TCP -p tcp --dport 22 -j ACCEPT # SSH
iptables -A TCP -p tcp --dport 30303 -j ACCEPT # Ethereum p2p
iptables -A TCP -p tcp -s XX.XX.XX.XX --dport 8545 -j ACCEPT # Allow RPC from single IP
# Allow RPC from all IPs in a whitelist (inserted at the top of INPUT, so it is
# evaluated before the conntrack and chain-dispatch rules above)
iptables -I INPUT -m set --match-set whitelist src -p tcp --match multiport --dports 8545 -j ACCEPT
```
The ipset dump file restored by the script above:

```
create whitelist hash:ip family inet hashsize 1024 maxelem 65536
add whitelist 127.0.0.1
add whitelist 192.168.0.1
```
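An added helper, not part of the gist, that builds the ipset dump file the script restores from a plain list of allowed RPC client addresses. It rejects malformed entries instead of emitting a broken `add` line (which would make `ipset restore` fail and leave the whitelist rule unmatched), and it assumes the same set name and `create` parameters as the dump above.

```sh
#!/bin/sh
# Build the ipset dump restored by "ipset restore -f ... -!" from a file with
# one IPv4 address per line; '#' comments and blank lines are allowed.
# Set name and parameters mirror the gist's "create whitelist ..." line.
SET_NAME=whitelist

# is_ipv4 ADDR: return 0 if ADDR is a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_whitelist IPLIST_FILE: print the ipset restore script on stdout.
# Returns 1 and prints nothing if any entry is invalid, so a typo never
# produces a half-built set. Duplicate addresses are emitted once.
gen_whitelist() {
    out="create $SET_NAME hash:ip family inet hashsize 1024 maxelem 65536"
    seen=" "
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        ip=${line%%#*}                          # strip trailing comment
        ip=$(printf '%s' "$ip" | tr -d ' \t')   # strip whitespace
        [ -z "$ip" ] && continue
        if ! is_ipv4 "$ip"; then
            echo "invalid address: $line" >&2
            bad=1
            continue
        fi
        case "$seen" in *" $ip "*) continue ;; esac
        seen="$seen$ip "
        out="$out
add $SET_NAME $ip"
    done < "$1"
    [ "$bad" -eq 0 ] || return 1
    printf '%s\n' "$out"
}
```

Usage: `gen_whitelist allowed-rpc-clients.txt > /home/username/ipset/whitelist.txt` (the hypothetical input file name is an assumption), then run the firewall script.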
Author sammy007 commented Aug 29, 2015