@yusufhm
Last active August 29, 2015 14:11
Sample script for iptables firewall rules
#!/bin/bash
# Bridge config: stop bridged frames from being run through iptables
# (uncomment on a host that acts as a bridge)
#for f in /proc/sys/net/bridge/bridge-nf-*; do echo 0 > $f; done

# Flush all existing rules and user-defined chains before applying new ones
# (the default chain policies are left as they are)
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Allow packets that belong to connections already established or related to them
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH, HTTP(S) and OpenVPN (TCP and UDP 1194)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
# Allow DHCP client replies, but only from the DHCP server (fill in its address first)
#iptables -A INPUT -p udp -s SOURCE_IP_TO_BE_CHANGED --dport 68 -j ACCEPT

# Allow everything from the LXC network (10.10.10.0/24) and masquerade it
# out through eth0 or br0, whichever is the uplink interface
#iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o br0 -j MASQUERADE
#iptables -A INPUT -s 10.10.10.0/24 -j ACCEPT
#iptables -A INPUT -i lxcbr0 -j ACCEPT

# Allow traffic arriving on OpenVPN tunnel interfaces
#iptables -A INPUT -i tun+ -j ACCEPT

# Allow ping
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Block all remaining incoming traffic. Anything appended (-A) to INPUT after
# this rule can never match, which is why the rules below use -I (insert).
iptables -A INPUT -j DROP

# Enable logging of dropped packets (rate limited). The rule must be inserted
# directly before the DROP rule, so the index has to match the DROP rule's
# position at this point: with the active rules above that is 8, not 11;
# check with "iptables -L INPUT --line-numbers" after enabling any commented rules.
#iptables -I INPUT 11 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 4

# Allow loopback access (inserted at position 1 so it precedes every other rule)
iptables -I INPUT 1 -i lo -j ACCEPT

# Open torrent ports (inserted at the top of INPUT and OUTPUT; the OUTPUT rule is
# a no-op here since this script places no restrictions on outgoing traffic)
iptables -I INPUT -p tcp -m tcp --dport 49164:59164 -j ACCEPT
iptables -I OUTPUT -p tcp -m tcp --sport 49164:59164 -j ACCEPT
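Because the script mixes -A and -I, the final order of the INPUT chain decides whether the catch-all DROP silently swallows later rules. The following check is an added example, not part of the gist: it reads a chain in `iptables -S INPUT` listing format and verifies that exactly one catch-all DROP exists, that nothing follows it, and that the loopback ACCEPT precedes it. The listings it checks are constructed to match what the script above produces; `check_input_chain`, `good_chain` and `bad_chain` are names chosen here.

```shell
#!/bin/sh
# Added example (not from the gist): sanity-check an INPUT chain listing as
# printed by "iptables -S INPUT". Returns 0 when the ordering is sound,
# 1 plus a diagnostic line otherwise.
check_input_chain() {
  awk '
    /^-A INPUT / {
      n++
      if ($0 == "-A INPUT -j DROP") { drop = n; drops++ }
      else if (drop)                { dead++; print "unreachable after DROP: " $0 }
      if ($0 ~ / -i lo /)           lo = n
    }
    END {
      if (drops != 1)       { print "expected exactly one catch-all DROP, found " drops + 0; exit 1 }
      if (!lo || lo > drop) { print "loopback ACCEPT missing or placed after DROP"; exit 1 }
      if (dead) exit 1
      exit 0
    }'
}

# Constructed listing of what the gist script leaves in INPUT: the -I rules
# land at the top, the appended DROP stays at the bottom.
good_chain() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 49164:59164 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j DROP
EOF
}

# Constructed mistake: the OpenVPN rule enabled with -A after the DROP has
# already been appended, so it can never match.
bad_chain() {
  good_chain
  echo '-A INPUT -i tun+ -j ACCEPT'
}

good_chain | check_input_chain && echo "ok: chain order is sound"
```

Run it against a live host with `iptables -S INPUT | check_input_chain` after sourcing the functions.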