swoopsta/iptables.sh

Last active Apr 10, 2018
IP Tables for VPN LXC Instance
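#!/bin/bash
# Flush all IPv4 rules and delete user-defined chains.
# Flushing does not reset chain policies; they stay as they were.
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
# Flush V6
# No IPv6 rules are added below, so IPv6 traffic is governed only by
# the chain policies already in place.
ip6tables -t nat -F
ip6tables -t mangle -F
ip6tables -F
ip6tables -X
# Allow localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Make sure you can communicate with any DHCP server
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
iptables -A INPUT -s 255.255.255.255 -j ACCEPT
# Allow traffic within the local subnet 192.168.1.0/24
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
# INPUT: allow DNS (UDP 53), ICMP echo requests, replies to existing
# connections, and anything arriving on a tunnel interface; drop the rest
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A INPUT -j DROP
# FORWARD: allow DNS (UDP 53) and traffic entering from a tunnel
# interface; drop the rest
iptables -A FORWARD -p udp -m udp --dport 53 -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -j DROP
# OUTPUT: allow UDP 1198 (presumably the VPN server port), DNS, and
# anything leaving via a tunnel interface; drop the rest.
# DNS (UDP 53) is allowed on every interface, not only tun+, so lookups
# can leave outside the tunnel.
iptables -A OUTPUT -p udp -m udp --dport 1198 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A OUTPUT -j DROP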