Masoko

iptables rules

Dec 31st, 2017
  1. # place this file in etc
  2. # and run it with a bash located here /etc/network/if-pre-up.d
  3. # bash command sudo /sbin/iptables-restore < /etc/iptables.up.rules
  4.  
  5. # Generated by iptables-save v1.6.0 on Thu Dec 28 12:35:47 2017
  6. *filter
  7. :INPUT ACCEPT [3153:549434]
  8. :FORWARD ACCEPT [0:0]
  9. :OUTPUT ACCEPT [2890:317837]
  10.  
  11. # Don't forward traffic
  12. -P FORWARD DROP
  13.  
  14. # Allow outgoing traffic
  15. -P OUTPUT ACCEPT
  16. # Allow established traffic
  17. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  18. # Allow localhost traffic
  19. -A INPUT -i lo -j ACCEPT
  20. #############################
  21. # MANAGEMENT RULES
  22. #############################
  23. # Allow SSH (alternate port)
  24. -A INPUT -p tcp --dport 22 -j ACCEPT
  25. #############################
  26. # ACCESS RULES
  27. #############################
  28. # Allow web server
  29. -A INPUT -p tcp --dport 8123 -j ACCEPT
  30. -A OUTPUT -p tcp --sport 8123 -j ACCEPT
  31. -A INPUT -p tcp --dport 80 -j ACCEPT
  32. -A OUTPUT -p tcp --sport 80 -j ACCEPT
  33. # Allow DNS
  34. #Momchi
  35. -A OUTPUT -p udp -o eth0 -d 93.152.140.187 --sport 53 -j ACCEPT
  36. -A OUTPUT -p udp -o eth0 -d 93.152.140.187 --dport 53 -j ACCEPT
  37. -A INPUT -p udp -i eth0 -s 93.152.140.187 --sport 53 -j ACCEPT
  38. -A INPUT -p udp -i eth0 -s 93.152.140.187 --dport 53 -j ACCEPT
  39.  
  40. #sotex
  41. -A OUTPUT -p udp -o eth0 -d 78.90.221.75 --sport 53 -j ACCEPT
  42. -A OUTPUT -p udp -o eth0 -d 78.90.221.75 --dport 53 -j ACCEPT
  43. -A INPUT -p udp -i eth0 -s 78.90.221.75 --sport 53 -j ACCEPT
  44. -A INPUT -p udp -i eth0 -s 78.90.221.75 --dport 53 -j ACCEPT
  45.  
  46. # home.masoko.net 46.249.76.212
  47.  
  48. -A OUTPUT -p udp -o eth0 -d 46.249.76.212 --sport 53 -j ACCEPT
  49. -A OUTPUT -p udp -o eth0 -d 46.249.76.212 --dport 53 -j ACCEPT
  50. -A INPUT -p udp -i eth0 -s 46.249.76.212 --sport 53 -j ACCEPT
  51. -A INPUT -p udp -i eth0 -s 46.249.76.212 --dport 53 -j ACCEPT
  52.  
  53. #home
  54. -A OUTPUT -p udp -o eth0 -m iprange --dst-range 192.168.0.1-192.168.0.254 --sport 53 -j ACCEPT
  55. -A OUTPUT -p udp -o eth0 -m iprange --dst-range 192.168.0.1-192.168.0.254 --dport 53 -j ACCEPT
  56. -A INPUT -p udp -i eth0 -m iprange --src-range 192.168.0.1-192.168.0.254 --sport 53 -j ACCEPT
  57. -A INPUT -p udp -i eth0 -m iprange --src-range 192.168.0.1-192.168.0.254 --dport 53 -j ACCEPT
  58.  
  59. # Allow NTP Assuming you are a CLIENT and want to access NTP servers you'd do:
  60. -A OUTPUT -p udp --dport 123 -j ACCEPT
  61. -A INPUT -p udp --sport 123 -j ACCEPT
  62. # Assuming you want to be a server, you'd do
  63. -A INPUT -p udp --dport 123 -j ACCEPT
  64. -A OUTPUT -p udp --sport 123 -j ACCEPT
  65. #############################
  66. # DEFAULT DENY
  67. #############################
  68. -A INPUT -j DROP
  69. COMMIT