Untitled

By: a guest on May 9th, 2012  |  syntax: None  |  size: 1.10 KB  |  hits: 17  |  expires: Never
# 1. Delete all existing rules in the filter table
sudo /sbin/iptables -F

# 2. Set default chain policies: anything not explicitly accepted below is dropped.
#    From this point until step 3 has run, packets of an existing SSH session are
#    dropped too, so run this as a script rather than typing it line by line.
#    Note that nothing below accepts loopback (lo) or DNS traffic, so local services
#    that talk over 127.0.0.1 and name resolution are blocked by these policies.
sudo /sbin/iptables -P INPUT DROP
sudo /sbin/iptables -P FORWARD DROP
sudo /sbin/iptables -P OUTPUT DROP

# 3. Allow incoming SSH on venet0 (the OpenVZ container interface)
sudo /sbin/iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo /sbin/iptables -A OUTPUT -o venet0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# 4. Allow incoming HTTP
sudo /sbin/iptables -A INPUT -i venet0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo /sbin/iptables -A OUTPUT -o venet0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# 5. Allow outgoing SSH
sudo /sbin/iptables -A OUTPUT -o venet0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo /sbin/iptables -A INPUT -i venet0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# 6. Allow ICMP: outgoing echo requests and the matching incoming replies (ping out only)
sudo /sbin/iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
sudo /sbin/iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

# Save (via the iptables init script on RHEL/CentOS-style systems) and list the active rules
sudo /sbin/service iptables save
sudo /sbin/iptables -L
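The same policy expressed in iptables-restore format, as an added example that is not part of the original paste. Loading the ruleset with iptables-restore applies the chain policies and all rules in one atomic operation, which removes the window the serial commands above open between setting the DROP policies and adding the SSH accept rules. The interface name venet0 is taken from the paste; the loopback accept rules and the SSH lock-out guard in apply_ruleset are additions, and the script only touches the live firewall when invoked with the argument apply.

```shell
#!/bin/sh
# Added example: the paste's firewall policy as an iptables-restore ruleset.
# Assumptions: interface venet0 (from the paste); loopback rules are an
# addition the original lacks; apply_ruleset needs root and is only run
# when the script is called with "apply".

IFACE="${IFACE:-venet0}"

# Print the ruleset in iptables-restore syntax. Lines starting with '#'
# are ignored by iptables-restore, so the section comments are harmless.
generate_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback (added here; without it local services on 127.0.0.1 are blocked)
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Incoming SSH
-A INPUT -i $IFACE -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o $IFACE -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
# Incoming HTTP
-A INPUT -i $IFACE -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o $IFACE -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
# Outgoing SSH
-A OUTPUT -o $IFACE -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i $IFACE -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
# ICMP: ping out, replies in
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
COMMIT
EOF
}

# Guard against locking yourself out of a remote box: with an INPUT policy
# of DROP, refuse to load a ruleset that has no inbound SSH accept rule.
ruleset_allows_ssh() {
    generate_ruleset | grep -q -- '^-A INPUT .*--dport 22 .*-j ACCEPT'
}

# Number of ACCEPT rules in the generated ruleset (useful for a quick sanity check).
count_accept_rules() {
    generate_ruleset | grep -c -- '-j ACCEPT'
}

# Load the ruleset atomically. Persisting it afterwards is distribution
# specific (e.g. "service iptables save" on RHEL/CentOS-style systems).
apply_ruleset() {
    if ! ruleset_allows_ssh; then
        echo "refusing to load: no inbound SSH accept rule" >&2
        return 1
    fi
    generate_ruleset | iptables-restore
}

if [ "${1:-}" = "apply" ]; then
    apply_ruleset
fi
```

Run it without arguments to print nothing and do nothing; `sh script.sh apply` loads the rules as root. `generate_ruleset > /etc/sysconfig/iptables` (path varies by distribution) is the usual way to make the same ruleset persistent, since that is the file the init script restores at boot.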