- *filter
- # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't $
- -A INPUT -i lo -j ACCEPT
- -A INPUT -d 127.0.0.0/8 -j REJECT
- # Accept all established inbound connections
- -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- # Allow all outbound traffic - you can modify this to only allow certain traff$
- -A OUTPUT -j ACCEPT
- # Allow HTTP and HTTPS connections from anywhere (the normal ports for website$
- -A INPUT -p tcp --dport 80 -j ACCEPT
- -A INPUT -p tcp --dport 443 -j ACCEPT
- # Allow SSH connections
- #
- # The -dport number should be the same port number you set in sshd_config
- -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
- # Allow ping
- -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
- # Forward port 80 to 8080
- # Error here
- -A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j REDIRECT --to-ports 3128
- # Log iptables denied calls
- -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-l$
- # Drop all other inbound - default deny unless explicitly allowed policy
- -A INPUT -j DROP
- -A FORWARD -j DROP
- COMMIT
SHARE
TWEET
Untitled
a guest
Sep 17th, 2015
72
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
RAW Paste Data