Skip to content

Instantly share code, notes, and snippets.

@sammy007 sammy007/ Secret
Last active Apr 23, 2019

What would you like to do?
Securing your ETH node
echo "Flush all rules"
# Flush all rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
echo "iptables INPUT DROP policy"
# Chains
iptables -N TCP
iptables -N UDP
# Drop ALL
iptables -P INPUT DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
ipset restore -f /home/username/ipset/whitelist.txt -! # Restore from ipset dump file
# Open UDP ports
iptables -A UDP -p udp --dport 30303 -j ACCEPT
# Open TCP ports
iptables -A TCP -p tcp --dport 22 -j ACCEPT # SSH
iptables -A TCP -p tcp --dport 30303 -j ACCEPT
iptables -A TCP -p tcp -s XX.XX.XX.XX --dport 8545 -j ACCEPT # Allow RPC from single IP
# Allow RPC from all IPs in a whitelist
iptables -I INPUT -m set --match-set whitelist src -p TCP --match multiport --dports 8545 -j ACCEPT
create whitelist hash:ip family inet hashsize 1024 maxelem 65536
add whitelist
add whitelist

This comment has been minimized.

Copy link
Owner Author

commented Aug 29, 2015

sudo ipset create whitelist hash:ip family inet hashsize 1024 maxelem 65536 -!
sudo ipset add whitelist
sudo ipset add whitelist
sudo ipset save > /home/username/ipset/whitelist.txt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.