Laradock iptables rules
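#!/usr/bin/env bash
# Laradock firewall: lock down the Docker host and the containers it runs.
#
#   * Host (INPUT): only loopback, reply traffic and the admin whitelist get
#     in; everything else is dropped by policy. No service port is opened on
#     the host itself.
#   * Containers (DOCKER-USER): traffic arriving on the external interface is
#     dropped unless it is reply traffic, comes from a whitelisted admin
#     address, or is destined to one of the published web ports below.
#
# Run as root after the Docker daemon is up (it owns the DOCKER-USER chain).
# Environment: EXT_IF - external interface to filter on (default: eth0).
#
# The original used "#!/bin/sh" with bash arrays; bash is required here.
# With `set -e`, a whitelist rule that fails to load aborts the script
# BEFORE the INPUT policy is switched to DROP, so a bad entry cannot lock
# the administrator out.
set -eu

# Interface facing the Internet; parameterised instead of hard-coding eth0.
EXT_IF=${EXT_IF:-eth0}

# Administrator addresses or CIDRs, ONE PER ELEMENT. The original put all
# three in a single string and relied on unquoted word-splitting.
WHITELIST=("ADMIN_IP1" "ADMIN_IP2" "ADMIN_IP3")

# Ports reachable inside containers from the outside world.
TCP_PORTS=(80 443)
UDP_PORTS=(80 443)   # 443/udp is QUIC (HTTP/3); 80/udp kept from the original

# Refuse to run with the placeholder addresses still in place: iptables
# cannot resolve them, and the original script would have carried on and
# set INPUT to DROP with no admin rule loaded.
for ip in "${WHITELIST[@]}"; do
  case "$ip" in
    ADMIN_IP*|'')
      printf 'error: replace placeholder whitelist entry "%s" first\n' "$ip" >&2
      exit 1
      ;;
  esac
done

# Flush only the chains this script owns. A bare `iptables -F` also wipes
# FORWARD and Docker's own DOCKER/DOCKER-ISOLATION chains, which breaks
# published ports until the daemon is restarted.
iptables -N DOCKER-USER 2>/dev/null || true   # already exists when Docker runs
iptables -F INPUT
iptables -F OUTPUT
iptables -F DOCKER-USER

# Host configuration. `-m conntrack` replaces the deprecated `-m state`
# used by the original (same semantics; the DOCKER-USER rules already used it).
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Admin whitelist may reach every host service (SSH included).
for ip in "${WHITELIST[@]}"; do
  iptables -A INPUT -s "$ip" -j ACCEPT
done

# Default-deny for everything not matched above; set last so an earlier
# failure leaves the previous policy in place.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# DOCKER-USER is evaluated before Docker's own FORWARD rules: RETURN hands
# the packet back to Docker, DROP discards it. Rules are appended in the
# order they are meant to match, ending with the catch-all DROP for traffic
# entering on the external interface. The original's `-o eth0 --sport N`
# RETURN rules are omitted: the only terminating rule matches `-i`, so they
# never affected a verdict.
iptables -A DOCKER-USER -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
for ip in "${WHITELIST[@]}"; do
  iptables -A DOCKER-USER -i "$EXT_IF" -s "$ip" -j RETURN
done
for port in "${TCP_PORTS[@]}"; do
  iptables -A DOCKER-USER -i "$EXT_IF" -p tcp --dport "$port" -j RETURN
done
for port in "${UDP_PORTS[@]}"; do
  iptables -A DOCKER-USER -i "$EXT_IF" -p udp --dport "$port" -j RETURN
done
iptables -A DOCKER-USER -i "$EXT_IF" -j DROP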