iptables

a guest
Dec 19th, 2012
*filter

# Set default rules for input/output/forward to drop the connection
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Allow traffic in and out of loopback host (127.0.0.1)
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# If no SYN flag is set on a new connection, drop it
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Allow incoming and outgoing pings
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

# Allow SSH traffic in for ALL connections, out for ESTABLISHED connections
-A INPUT -i eth0 -p tcp --dport 52915 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 52915 -m state --state ESTABLISHED -j ACCEPT

# Allow outgoing DNS connections for ALL connections, in for ESTABLISHED connections
-A OUTPUT -o eth0 -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT

# Allow incoming HTTP(S) connections to a local web server (ports 80/443) and its replies out;
# note that these rules do not permit this host to open outbound web connections itself
-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing SMTP connections for ALL connections, in for ESTABLISHED connections
-A INPUT -i eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --sport 587 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 587 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow outgoing GIT connections for ALL connections, in for ESTABLISHED connections
-A INPUT -i eth0 -p tcp --sport 9418 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT

COMMIT
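Every ACCEPT above that admits NEW connections on one chain relies on a matching ESTABLISHED rule on the opposite chain; with DROP default policies, forgetting the reply rule silently breaks the service rather than producing an error. The script below is an added example, not part of the paste: it parses the iptables-restore format, lists which ports accept NEW connections in each direction, and flags any service whose reply rule is missing. It goes slightly beyond this paste by also honouring a port-less `--state ESTABLISHED` catch-all, which is the other common way to write the reply side. The embedded ruleset is a constructed copy of the paste's port-bearing rules (loopback and ICMP rules are omitted because they carry no port match), and the `MISSING_REPLY` variant is a constructed negative case.

```python
"""Static reply-rule check for an iptables-restore *filter table (added example)."""
import shlex
from collections import defaultdict

# Constructed input: the port-bearing rules from the paste above.
RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -i eth0 -p tcp --dport 52915 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 52915 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --sport 587 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 587 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --sport 9418 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
"""

# Constructed negative case: the same ruleset with the SSH reply rule deleted.
MISSING_REPLY = RULESET.replace(
    "-A OUTPUT -o eth0 -p tcp --sport 52915 -m state --state ESTABLISHED -j ACCEPT\n", "")

# Only the options needed for the check are parsed; -i/-o/-m/!/--syn are skipped.
FLAGS = {"-A": "chain", "-p": "proto", "--dport": "dport", "--sport": "sport",
         "--state": "states", "-j": "target"}
REPLY_CHAIN = {"INPUT": "OUTPUT", "OUTPUT": "INPUT"}


def parse_rules(text):
    """Return (policies, rules): chain -> default policy, and one dict per -A rule."""
    policies, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "*")) or line == "COMMIT":
            continue
        if line.startswith(":"):  # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            continue
        argv = shlex.split(line)
        rule = dict.fromkeys(FLAGS.values())
        rule["states"] = set()
        for flag, value in zip(argv, argv[1:]):  # each option with the token after it
            key = FLAGS.get(flag)
            if key == "states":
                rule[key] = set(value.split(","))
            elif key in ("dport", "sport"):
                rule[key] = int(value)
            elif key:
                rule[key] = value
        rules.append(rule)
    return policies, rules


def new_connection_ports(rules):
    """Services that ACCEPT NEW connections: {chain: {(proto, dport)}}."""
    opened = defaultdict(set)
    for r in rules:
        if r["target"] == "ACCEPT" and "NEW" in r["states"] and r["dport"] is not None:
            opened[r["chain"]].add((r["proto"], r["dport"]))
    return opened


def accepts_reply(rules, chain, proto, port):
    """True if `chain` ACCEPTs ESTABLISHED traffic from source port `port`.
    A rule with no port match (a catch-all ESTABLISHED rule) counts for every port."""
    for r in rules:
        if r["chain"] != chain or r["target"] != "ACCEPT" or "ESTABLISHED" not in r["states"]:
            continue
        if r["sport"] == port and r["proto"] == proto:
            return True
        if r["sport"] is None and r["dport"] is None and r["proto"] in (None, proto):
            return True
    return False


def audit(text):
    """Summarise open services and report policy or reply-rule problems."""
    policies, rules = parse_rules(text)
    findings = []
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        if policies.get(chain) != "DROP":
            findings.append(f"{chain} default policy is {policies.get(chain)}, not DROP")
    opened = new_connection_ports(rules)
    for chain, services in opened.items():
        for proto, port in sorted(services):
            if not accepts_reply(rules, REPLY_CHAIN[chain], proto, port):
                findings.append(f"{chain} accepts NEW {proto}/{port} but "
                                f"{REPLY_CHAIN[chain]} has no ESTABLISHED reply rule")
    return {"policies": policies,
            "opened": {c: sorted(s) for c, s in opened.items()},
            "findings": findings}


if __name__ == "__main__":
    for name, text in (("paste", RULESET), ("missing reply", MISSING_REPLY)):
        print(name, audit(text))
```

Run it against a real file with `audit(open("/etc/iptables/rules.v4").read())` (path assumed); the `opened` map doubles as a quick inventory of what the host exposes and what it may reach out to, which is worth diffing whenever the ruleset changes.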