Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- iptables -t filter -F
- iptables -t filter -X
- iptables -t filter -P INPUT DROP
- iptables -t filter -P FORWARD DROP
- iptables -t filter -P OUTPUT DROP
- iptables -t filter -A INPUT -o lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
- or
- iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
- iptables -A INPUT -i lo -j ACCEPT
- iptables -A OUTPUT -p icmp -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
- iptables -A INPUT --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
- iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP
- iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
- iptables -A OUTPUT -m state ! --state INVALID -j ACCEPT
- #if I want to open a port:
- iptables -t filter -A INPUT -s 192.168.0.0/24 --dport 110 -j ACCEPT
- iptables -t filter -A OUTPUT -s 192.168.0.0/24 --sport 110 -j ACCEPT
- #
- iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
- iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
- iptables -A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
- iptables -A FORWARD -p udp -m limit --limit 1/second -j ACCEPT
- iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
- iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
