dropbox1349

iptables configuration of an HL server on Amazon EC2

Mar 8th, 2017
  1. ------------------------------------------------------------------------------
  2. ifconfig
  3. ------------------------------------------------------------------------------
  4. eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
  5.             inet 172.31.26.95  netmask 255.255.240.0  broadcast 172.31.31.255
  6.             inet6 fe80::469:4dff:fe51:b6fd  prefixlen 64  scopeid 0x20<link>
  7.             ether 06:69:4d:51:b6:fd  txqueuelen 1000  (Ethernet)
  8.             RX packets 217  bytes 28152 (27.4 KiB)
  9.             RX errors 0  dropped 0  overruns 0  frame 0
  10.             TX packets 285  bytes 31224 (30.4 KiB)
  11.             TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
  12.  
  13.     lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
  14.             inet 127.0.0.1  netmask 255.0.0.0
  15.             inet6 ::1  prefixlen 128  scopeid 0x10<host>
  16.             loop  txqueuelen 1  (Local Loopback)
  17.             RX packets 6  bytes 416 (416.0 B)
  18.             RX errors 0  dropped 0  overruns 0  frame 0
  19.             TX packets 6  bytes 416 (416.0 B)
  20.             TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
  21. ------------------------------------------------------------------------------
  22. sudo iptables -S
  # NOTE(review): IPv4 filter table as loaded at runtime. The INPUT policy
  # below is ACCEPT, so the only thing that closes this host is the single
  # catch-all REJECT rule further down; delete or mis-order that one rule and
  # every port is open. A default-deny policy (-P INPUT DROP) with the
  # RELATED,ESTABLISHED / lo / icmp rules placed first is the safer shape.
  # The effective exposure also depends on the EC2 Security Group and network
  # ACL, which are not shown in this paste.
  23. ------------------------------------------------------------------------------
  24. -P INPUT ACCEPT
  25. -P FORWARD ACCEPT
  26. -P OUTPUT ACCEPT
  # FTP (21) carries credentials in cleartext; SSH (22) is already open and
  # gives SFTP/SCP. Both are accepted from any source address.
  27. -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
  28. -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  # Exact duplicates of the two rules above - harmless, but a sign the rules
  # were appended by hand several times without a flush (-F) in between.
  29. -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
  30. -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  # MySQL accepted from any source. Unless a Security Group narrows it, the
  # database port is reachable from the Internet; restrict with -s <client>,
  # or bind MySQL to 127.0.0.1 if only local clients need it.
  31. -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
  32. -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  # TCP ports 48 and 47: purpose unclear. If GRE (e.g. PPTP) was intended,
  # that is IP protocol 47 (-p gre), not TCP destination port 47.
  33. -A INPUT -p tcp -m tcp --dport 48 -j ACCEPT
  34. -A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
  35. -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
  # Only the TCP side of 27015 is reachable; see the UDP 27015 rules below.
  36. -A INPUT -p tcp -m tcp --dport 27015 -j ACCEPT
  # Stateful allow, ICMP and loopback. Conventionally these come first so
  # return traffic is matched before the per-port rules are evaluated.
  37. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  38. -A INPUT -p icmp -j ACCEPT
  39. -A INPUT -i lo -j ACCEPT
  # Fourth (fifth, counting NEW) rule that accepts SSH from anywhere.
  40. -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
  # Terminal rule: everything not matched above is rejected here, so EVERY
  # rule after this line is unreachable and has no effect at all.
  41. -A INPUT -j REJECT --reject-with icmp-host-prohibited
  # Unreachable, and redundant with the "-i lo" rule above.
  42. -A INPUT -s 127.0.0.1/32 -j ACCEPT
  # Unreachable duplicates of the FTP/SSH rules.
  43. -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
  44. -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  # Unreachable: UDP 1200, UDP 27000, TCP/UDP 27020 and TCP 27039 are all
  # rejected by the catch-all above. If they are needed they must be
  # inserted (-I INPUT <n>) above the REJECT, not appended (-A) after it.
  45. -A INPUT -p udp -m udp --dport 1200 -j ACCEPT
  46. -A INPUT -p udp -m udp --dport 27000 -j ACCEPT
  47. -A INPUT -p tcp -m tcp --dport 27020 -j ACCEPT
  48. -A INPUT -p tcp -m tcp --dport 27039 -j ACCEPT
  49. -A INPUT -p udp -m udp --dport 27020 -j ACCEPT
  # The two UDP 27015 rules have no -j target, so even if they were
  # reachable they would only count packets. Net effect of this ruleset:
  # UDP 27015 is rejected. The two rules matching -d 35.156.12.85 also
  # cannot match on this instance: ifconfig above shows only 172.31.26.95 on
  # eth0, and (assuming 35.156.12.85 is the instance's public/Elastic IP)
  # EC2 translates the public address outside the instance, so it never
  # appears as a packet destination here. A single
  #   -I INPUT <n> -p udp --dport 27015 -j ACCEPT
  # placed above the REJECT is what the UDP game port needs.
  50. -A INPUT -d 172.31.26.95/32 -p udp -m udp --dport 27015
  51. -A INPUT -d 35.156.12.85/32 -p udp -m udp --dport 27015
  52. -A INPUT -d 35.156.12.85/32 -p tcp -m tcp --dport 27015 -j ACCEPT
  # FORWARD is rejected explicitly; appropriate for a host that does not
  # route for others.
  53. -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  54. ------------------------------------------------------------------------------
  55. cat /etc/sysconfig/iptables-config
  # NOTE(review): this is the init-script configuration, not the rules
  # themselves. With IPTABLES_SAVE_ON_STOP and IPTABLES_SAVE_ON_RESTART both
  # "no" (below), the runtime rules shown by `iptables -S` are NOT written to
  # /etc/sysconfig/iptables on shutdown; whatever that file currently holds
  # (not shown in this paste) is what comes back after a reboot. Run
  # `service iptables save` once the ruleset is correct, and compare the
  # saved file against the live rules.
  56. ------------------------------------------------------------------------------
  57. # Load additional iptables modules (nat helpers)
  58. #   Default: -none-
  59. # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
  60. # are loaded after the firewall rules are applied. Options for the helpers are
  61. # stored in /etc/modprobe.conf.
  # No conntrack helpers are loaded. The live rules accept FTP on 21; if
  # passive-mode FTP is actually used, the data connection is not marked
  # RELATED without nf_conntrack_ftp and is caught by the catch-all REJECT.
  62. IPTABLES_MODULES=""
  63.  
  64. # Unload modules on restart and stop
  65. #   Value: yes|no,  default: yes
  66. # This option has to be 'yes' to get to a sane state for a firewall
  67. # restart or stop. Only set to 'no' if there are problems unloading netfilter
  68. # modules.
  69. IPTABLES_MODULES_UNLOAD="yes"
  70.  
  71. # Save current firewall rules on stop.
  72. #   Value: yes|no,  default: no
  73. # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
  74. # (e.g. on system shutdown).
  # Left at the default: live rules are discarded on stop unless saved by hand.
  75. IPTABLES_SAVE_ON_STOP="no"
  76.  
  77. # Save current firewall rules on restart.
  78. #   Value: yes|no,  default: no
  79. # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
  80. # restarted.
  # Left at the default: `service iptables restart` reloads the saved file,
  # not the runtime ruleset.
  81. IPTABLES_SAVE_ON_RESTART="no"
  82.  
  83. # Save (and restore) rule and chain counter.
  84. #   Value: yes|no,  default: no
  85. # Save counters for rules and chains to /etc/sysconfig/iptables if
  86. # 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
  87. # SAVE_ON_RESTART is enabled.
  88. IPTABLES_SAVE_COUNTER="no"
  89.  
  90. # Numeric status output
  91. #   Value: yes|no,  default: yes
  92. # Print IP addresses and port numbers in numeric format in the status output.
  93. IPTABLES_STATUS_NUMERIC="yes"
  94.  
  95. # Verbose status output
  96. #   Value: yes|no,  default: yes
  97. # Print info about the number of packets and bytes plus the "input-" and
  98. # "outputdevice" in the status output.
  99. IPTABLES_STATUS_VERBOSE="no"
  100.  
  101. # Status output with numbered lines
  102. #   Value: yes|no,  default: yes
  103. # Print a counter/number for every rule in the status output.
  104. IPTABLES_STATUS_LINENUMBERS="yes"
  105.  
  106. # Reload sysctl settings on start and restart
  107. #   Default: -none-
  108. # Space separated list of sysctl items which are to be reloaded on start.
  109. # List items will be matched by fgrep.
  110. #IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"
  111. ------------------------------------------------------------------------------
  112. sudo ip6tables -S
  # NOTE(review): IPv6 side. Same ACCEPT-policy-plus-terminal-REJECT shape as
  # the IPv4 table, but the per-service rules here are the stock ones only:
  # established flows, ICMPv6, loopback, SSH from any source, and new DHCPv6
  # client traffic (UDP 546) to the link-local range. None of the game, FTP
  # or MySQL ports are opened over IPv6. The ifconfig capture above shows
  # only a link-local address on eth0, so no global IPv6 reachability is
  # evident from this paste; re-check this table if the instance is later
  # given a public IPv6 address.
  113. ------------------------------------------------------------------------------
  114. -P INPUT ACCEPT
  115. -P FORWARD ACCEPT
  116. -P OUTPUT ACCEPT
  117. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  118. -A INPUT -p ipv6-icmp -j ACCEPT
  119. -A INPUT -i lo -j ACCEPT
  120. -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
  121. -A INPUT -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT
  # Terminal rule, as on IPv4: anything appended after it would be dead.
  122. -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
  123. -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
  124. ------------------------------------------------------------------------------
  125. lsmod |grep iptab
  126. ------------------------------------------------------------------------------
  127. iptable_filter         12810  0
  128. ip_tables              27115  1 iptable_filter