Untitled

a guest May 17th, 2018 96 Never
*filter

# Allow all loopback (lo) traffic and reject all traffic to 127.0.0.0/8 that doesn't arrive on lo
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH connections
#
# THE --dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 30000 -j ACCEPT

# Allow FTP on port 21
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

# Allow ping (ICMP echo request)
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Log denied packets (rate-limited to 5 per minute) before they hit the final REJECT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound traffic: default deny unless explicitly allowed
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT