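#!/bin/sh
# iptables script generated -
# http://www.mista.nu/iptables
#
# Host firewall for the IPv4 filter table: default-deny in every direction,
# then allow loopback, traffic on known connections, inbound SSH (9282) and
# HTTP/HTTPS, plus a short outbound allowlist (DNS, APT mirrors, PyPI,
# Let's Encrypt).
#
# NOTE(review): only iptables (IPv4) is configured here. ip6tables is left
# untouched, so on a host with IPv6 connectivity its default chain policies
# (usually ACCEPT) apply and every restriction below is bypassed over v6.
# Either disable IPv6 or mirror these policies with /sbin/ip6tables.
#
# Abort on the first failing command instead of silently continuing with a
# half-built ruleset. Because the DROP policies are installed before the
# allow rules, a failure after that point leaves the host unreachable: run
# this from a console, or with a timed fallback that resets the policies.
set -eu

IPT="/sbin/iptables"
[ -x "$IPT" ] || { printf '%s: %s is missing or not executable\n' "$0" "$IPT" >&2; exit 1; }

# Flush old rules, old custom tables (filter table only; nat/mangle are not touched)
$IPT --flush
$IPT --delete-chain

# Set default policies for all three default chains
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP

# Enable free use of loopback interfaces
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# All TCP sessions should begin with SYN: drop a NEW connection whose first
# packet is not a bare SYN.
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Accept inbound packets that belong to connections we already track
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow incoming SSH on port other than 22 (sshd runs on 9282)
$IPT -A INPUT -p tcp --dport 9282 -m state --state NEW -j ACCEPT

# Accept outbound packets on known connections, and outgoing DNS.
# A reply that does not fit in one UDP datagram (truncation, DNSSEC) is
# retried over TCP 53; without the TCP rule those lookups fail outright.
$IPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT

# Outgoing http to certain hosts: Ubuntu APT, PyPI.
# iptables resolves each hostname once, when the rule is loaded (one rule per
# address returned) and never again, so the rule goes stale when a mirror or
# CDN changes address; re-run this script after such changes. Resolution
# happens with OUTPUT already at DROP, so the DNS rules above must stay
# ahead of these lines.
# NOTE(review): pip today fetches from pypi.org and files.pythonhosted.org;
# verify this allowlist against the hosts pip actually contacts.
$IPT -A OUTPUT -p tcp --dport 80 -d azure.archive.ubuntu.com,security.ubuntu.com,pypi.python.org -m state --state NEW -j ACCEPT

# Outgoing https for certain hosts: Let's Encrypt, PyPI.
# Let's Encrypt has retired the ACMEv1 endpoint; current clients talk to
# acme-v02, which is allowed here alongside the old name.
$IPT -A OUTPUT -p tcp --dport 443 -d acme-v01.api.letsencrypt.org,acme-v02.api.letsencrypt.org,pypi.python.org,letsencrypt.org -m state --state NEW -j ACCEPT

## Incoming Webserver 80/443
$IPT -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT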