Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- *filter
- # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
- -A INPUT -i lo -j ACCEPT
- -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
- # Accepts all established inbound connections
- -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- # Allows all outbound traffic
- # You can modify this to only allow certain traffic
- -A OUTPUT -j ACCEPT
- # Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
- -A INPUT -p tcp --dport 80 -j ACCEPT
- -A INPUT -p tcp --dport 443 -j ACCEPT
- # Allows SSH connections
- #
- # THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
- #
- -A INPUT -p tcp -m state --state NEW --dport 30000 -j ACCEPT
- # Allow ftp on port 21
- -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
- # Allow ping
- -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
- # log iptables denied calls
- -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
- # Reject all other inbound - default deny unless explicitly allowed policy
- -A INPUT -j REJECT
- -A FORWARD -j REJECT
- COMMIT
Add Comment
Please, Sign In to add comment