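# iptables config for a simple VPS: HTTP reachable only through CloudFlare,
# plus SSH access.
#
# Assumes the INPUT chain starts out empty. Rules are appended in evaluation
# order, so the LOG rule ends up directly in front of the DROP rules without
# relying on a hard-coded position number (the original used `-I INPUT 12`,
# which is only correct when exactly eleven rules precede it).
#
# Scope notes for whoever deploys this:
#   * IPv4 only. ip6tables is a separate ruleset; a host with a public IPv6
#     address needs equivalent rules there or the services stay exposed.
#   * Only port 80 is allowlisted. If the origin also serves HTTPS to
#     CloudFlare, port 443 needs the same source restrictions.
#   * If an ACCEPT rule fails to load and the final DROP still loads, the
#     session that applied the rules can be locked out. Check each command's
#     exit status (or run as a script with `set -e`) when applying remotely.

# Loopback: local services talking to each other must never be filtered.
iptables -I INPUT 1 -i lo -j ACCEPT

# Keep replies to connections that are already established or related.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Inbound SSH. NOTE: sshd listens on a non-default port here.
# The port is open to every source address; a non-default port only cuts
# scanner noise. Where the admin address is stable, add `-s <admin-cidr>`.
iptables -A INPUT -p tcp --dport 4444 -j ACCEPT

# ACCEPT HTTP from CloudFlare's IPv4 ranges only.
# These ranges are a snapshot taken when this config was written. CloudFlare
# publishes the current list at https://www.cloudflare.com/ips-v4 - refresh it
# before use: a stale entry either blocks real edge traffic or admits
# addresses CloudFlare no longer operates.
for cidr in \
  204.93.240.0/24 \
  204.93.177.0/24 \
  199.27.128.0/21 \
  173.245.48.0/20 \
  103.22.200.0/22 \
  141.101.64.0/18 \
  108.162.192.0/18 \
  190.93.240.0/20
do
  iptables -A INPUT -p tcp --dport 80 -s "$cidr" -j ACCEPT
done

# Informational logging of everything about to be dropped. Rate-limited so a
# flood cannot fill the logs; placed before the DROP rules because a packet
# that hits DROP never reaches later rules.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# DROP all other inbound connections on port 80 (direct-to-origin requests
# that bypass CloudFlare).
iptables -A INPUT -p tcp --dport 80 -j DROP

# DROP all other inbound traffic. This catch-all already covers port 80, so
# the rule above is only needed if this one is left out - choose one.
iptables -A INPUT -j DROP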