Created February 27, 2013 13:42
Gist: steve-taylor/5047968
General purpose iptables script for a web server, allowing incoming TCP connections only on ports 22, 80 and 443, responses to outbound DNS requests, outbound and inbound pings, and outbound TCP connections. On some earlier versions of Linux (e.g. CentOS 6.0), I have noticed that it is not enough to simply allow all outbound packets to allow TCP…
#!/bin/sh
# Stop the service, flush existing rules and set the chain policies.
# INPUT and OUTPUT policies are ACCEPT, so anything not matched by a rule
# below (including the final DROP rule) is admitted; FORWARD is DROP.
service iptables stop
iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Allow all loopback
iptables -A INPUT -i lo -j ACCEPT
# Allow incoming SSH, HTTP and HTTPS
iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
# Allow DNS responses (UDP from source port 53 to an unprivileged local port)
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
# Drop all incoming TCP packets with the SYN bit set.
# This rule is what closes every TCP port other than 22, 80 and 443; non-SYN
# TCP (return traffic of outbound connections), ICMP (pings) and other UDP
# are still accepted by the INPUT policy set above.
iptables -A INPUT -p tcp --syn -m state --state NEW -j DROP
# Persist the rules and reload them (CentOS/RHEL 6 init script)
service iptables save
service iptables restart
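The following is an added example, not part of the gist: an offline evaluator that walks constructed packets through the gist's INPUT chain exactly as the kernel would (first matching rule wins, otherwise the chain policy). It understands only the option subset the script uses (-P, -A INPUT, -i, -p, -m multiport --dports, --sport, --dport, --syn, -m state --state); the RULESET string is copied from the script above, and the sample packets, interface name and port numbers are constructed for the demonstration. It makes the behaviour described in the gist visible: SSH/HTTP/HTTPS SYNs and DNS replies are accepted by explicit rules, other TCP SYNs are dropped, while inbound pings, return traffic of outbound TCP connections and unsolicited UDP to any other port reach no rule and are accepted by the INPUT policy.

```python
from dataclasses import dataclass

# INPUT-chain lines copied verbatim from the gist's script.
RULESET = """
iptables -P INPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -p tcp --syn -m state --state NEW -j DROP
"""


@dataclass
class Packet:
    """Constructed test packet; only the fields the ruleset inspects."""
    proto: str            # "tcp", "udp" or "icmp"
    iface: str = "eth0"   # assumed external interface name
    sport: int = 0
    dport: int = 0
    syn: bool = False     # SYN set, ACK clear: what --syn matches
    state: str = "NEW"    # conntrack state: NEW, ESTABLISHED, RELATED


def _port_test(spec):
    """Turn '22,80,443' or '1024:65535' into a predicate on a port number."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ranges.append((int(lo), int(hi or lo)))
    return lambda port: any(lo <= port <= hi for lo, hi in ranges)


def parse_input_chain(text):
    """Return (policy, rules); each rule is (description, [predicates], target)."""
    policy, rules = "ACCEPT", []
    for line in text.strip().splitlines():
        argv = line.split()
        if argv[1:3] == ["-P", "INPUT"]:
            policy = argv[3]
            continue
        if argv[1:3] != ["-A", "INPUT"]:
            continue
        checks, target, i = [], None, 3
        while i < len(argv):
            opt = argv[i]
            arg = argv[i + 1] if i + 1 < len(argv) else None
            if opt == "-m":          # match-extension loader; its options follow
                i += 2
                continue
            if opt == "--syn":       # takes no argument
                checks.append(lambda pk: pk.proto == "tcp" and pk.syn)
                i += 1
                continue
            if opt == "-i":
                checks.append(lambda pk, v=arg: pk.iface == v)
            elif opt == "-p":
                checks.append(lambda pk, v=arg: pk.proto == v)
            elif opt in ("--dport", "--dports"):
                checks.append(lambda pk, t=_port_test(arg): t(pk.dport))
            elif opt == "--sport":
                checks.append(lambda pk, t=_port_test(arg): t(pk.sport))
            elif opt == "--state":
                checks.append(lambda pk, s=set(arg.split(",")): pk.state in s)
            elif opt == "-j":
                target = arg
            else:
                raise ValueError(f"unsupported option {opt}")
            i += 2
        rules.append((" ".join(argv[3:]), checks, target))
    return policy, rules


def verdict(packet, policy, rules):
    """First matching rule decides; with no match the chain policy applies."""
    for desc, checks, target in rules:
        if all(check(packet) for check in checks):
            return target, desc
    return policy, "chain policy"


def evaluate_samples():
    """Run constructed packets through the gist's chain; returns name -> (verdict, reason)."""
    policy, rules = parse_input_chain(RULESET)
    samples = {
        "ssh_syn": Packet("tcp", sport=51000, dport=22, syn=True),
        "tcp_8080_syn": Packet("tcp", sport=51001, dport=8080, syn=True),
        "dns_reply": Packet("udp", sport=53, dport=40000, state="ESTABLISHED"),
        "udp_161_unsolicited": Packet("udp", sport=1000, dport=161),
        "icmp_echo": Packet("icmp"),
        "tcp_return_traffic": Packet("tcp", sport=443, dport=45000, state="ESTABLISHED"),
    }
    return {name: verdict(pk, policy, rules) for name, pk in samples.items()}


if __name__ == "__main__":
    for name, (target, reason) in evaluate_samples().items():
        print(f"{name:22s} {target:7s} via {reason}")
```

The three "chain policy" results are the ones worth noticing when reviewing this ruleset: they are accepted only because the INPUT policy is ACCEPT, not because a rule admitted them, so a host running the script with an additional UDP service listening would expose it.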