Untitled

a guest May 17th, 2018
*filter

# Allow all loopback (lo) traffic and reject all traffic to 127.0.0.0/8 that doesn't arrive on lo
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH connections
#
# THE --dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 30000 -j ACCEPT

# Allow FTP on port 21
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

# Allow ping (ICMP echo request)
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Log denied packets, rate-limited to 5 per minute
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound traffic: default deny unless explicitly allowed
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT