axezkode

iptables ip4/6 basic rules

Oct 15th, 2018
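# IPv4: flush existing rules and zero the packet/byte counters
iptables -F
iptables -Z
# Default policies: drop inbound and outbound traffic that matches no rule.
# FORWARD stays ACCEPT, so forwarded traffic is not filtered (only relevant if the host routes packets).
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD ACCEPT
iptables -N BRUTEFORCE
# Allow loopback and inbound ping (ICMP echo-request)
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Record every new SSH connection per source address; a source reaching
# 4 new connections within 60 seconds is sent to BRUTEFORCE
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --mask 255.255.255.255 --rsource -j BRUTEFORCE
# Accept new SSH connections that passed the rate limit. This rule was missing
# from the paste; without it the INPUT DROP policy drops all inbound SSH.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Outbound: loopback, ping replies, and all new or established connections
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# BRUTEFORCE chain: log the packet to the kernel log, then drop it
iptables -A BRUTEFORCE -p tcp -m tcp --dport 22 -j LOG --log-prefix "BRUTE FORCE OR DDOS SSH"
iptables -A BRUTEFORCE -j DROP
iptables -L

# IPv6: same layout as the IPv4 rules
ip6tables -F
ip6tables -Z
ip6tables -P INPUT DROP
ip6tables -P OUTPUT DROP
ip6tables -P FORWARD ACCEPT
ip6tables -N BRUTEFORCE
ip6tables -A INPUT -i lo -j ACCEPT
# All ICMPv6 is accepted; neighbour discovery depends on it
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
# -I inserts this check at the top of INPUT, so it runs before the --set rule above
ip6tables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j BRUTEFORCE
# Accept new SSH connections that passed the rate limit (rule missing from the paste, as for IPv4)
ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT
ip6tables -A OUTPUT -p icmpv6 -j ACCEPT
ip6tables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
ip6tables -A BRUTEFORCE -p tcp -m tcp --dport 22 -j LOG --log-prefix "BRUTE FORCE OR DDOS SSH"
ip6tables -A BRUTEFORCE -j DROP
ip6tables -L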
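
Added example, not part of the original paste: a shell function that counts, per source address, the kernel log lines written by the BRUTEFORCE chain's LOG rule. The log lines are constructed, abbreviated samples using documentation addresses; because the prefix has no trailing space it runs straight into IN= in each line, so the filter matches the prefix text and then reads the SRC= field.

```shell
#!/bin/sh
# Log prefix exactly as set by --log-prefix in the rules above.
PREFIX='BRUTE FORCE OR DDOS SSH'

# Constructed sample kernel log lines (abbreviated; documentation addresses).
# The last line carries a different, made-up prefix and must not be counted.
sample_log() {
cat <<'EOF'
Oct 15 10:00:01 host kernel: [ 101.000001] BRUTE FORCE OR DDOS SSHIN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN
Oct 15 10:00:02 host kernel: [ 102.000001] BRUTE FORCE OR DDOS SSHIN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Oct 15 10:00:03 host kernel: [ 103.000001] BRUTE FORCE OR DDOS SSHIN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=22 SYN
Oct 15 10:00:04 host kernel: [ 104.000001] BRUTE FORCE OR DDOS SSHIN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=22 SYN
Oct 15 10:00:05 host kernel: [ 105.000001] BRUTE FORCE OR DDOS SSHIN=eth0 OUT= SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0010 PROTO=TCP SPT=40005 DPT=22 SYN
Oct 15 10:00:09 host kernel: [ 109.000001] OTHER PREFIX IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=40009 DPT=80 SYN
EOF
}

# Read kernel log lines on stdin and print "count source" for every source
# address logged by the BRUTEFORCE chain, most frequent first.
bruteforce_sources() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 0 { next }          # not written by this chain
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) {               # works for IPv4 and IPv6
                    hits[substr($i, 5)]++
                    break
                }
        }
        END { for (s in hits) print hits[s], s }
    ' | sort -k1,1nr -k2,2
}

sample_log | bruteforce_sources
```

On a live host, feed the function the kernel log instead of sample_log, for example the output of dmesg or the file your syslog daemon writes kernel messages to.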