1. Create a file /root/iptables.sh
2. Paste in the text below and edit as required
3. Give it execute permissions
4. Run ./iptables.sh; it will rebuild the iptables rules as required and save them
5. To check iptables, run: service iptables status
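#!/usr/bin/env bash
# iptables.sh — rebuild the host firewall and persist it to the file that
# "service iptables" loads on boot (RHEL/CentOS-style /etc/sysconfig layout).
#
# Run as root. The allow rules are added BEFORE the default policy is switched
# to DROP, so an SSH session used to run the script is carried through by the
# RELATED,ESTABLISHED rule rather than cut off in between.
#
# Edit the settings block below, then run: ./iptables.sh
set -euo pipefail

### Settings — edit as required ###
# TCP ports reachable from any source (SSH, FTP control, MySQL, HTTP, HTTPS).
TCP_PORTS=(22 21 3306 80 443)
# Optional: if MySQL only needs to be reachable from one network, set this to a
# CIDR (e.g. "XXX.XXX.XXX.0/24"). Port 3306 is then accepted only from that
# source instead of from everywhere. Leave empty to keep 3306 open as listed.
MYSQL_NET=""
# Where "service iptables" loads its rules from on boot.
RULES_FILE=/etc/sysconfig/iptables
### /Settings ###

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "run as root (iptables and ${RULES_FILE} require it)"

# Start from an empty filter table but keep the current policies in place.
# Deliberately NOT "service iptables stop": that init action also resets every
# policy to ACCEPT, leaving the host fully open until the rules below land.
iptables -F
iptables -X

# Loopback, and return traffic for connections this host initiated.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allowed service ports. 3306 is narrowed to MYSQL_NET when that is set.
for port in "${TCP_PORTS[@]}"; do
  if [[ "$port" == 3306 && -n "$MYSQL_NET" ]]; then
    iptables -A INPUT -p tcp -m tcp -s "$MYSQL_NET" --dport 3306 -j ACCEPT
  else
    iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
  fi
done
# NOTE: port 21 only covers the FTP control channel. FTP data connections are
# classified RELATED only when the kernel's conntrack FTP helper is loaded;
# this script does not load it.

# Allow ping (ICMP echo-request).
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Default policies go last: drop unsolicited inbound and all forwarding, allow
# outbound. (The earlier version set OUTPUT to DROP and then immediately to
# ACCEPT; only the ACCEPT ever took effect, so that dead line is gone.)
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Persist, and keep the saved ruleset unreadable to other users — it lists the
# open ports and any trusted source network.
iptables-save > "$RULES_FILE"
chmod go-r "$RULES_FILE"
# Reload from the saved file so a boot-time load is known to work. No sudo:
# the script already requires root.
service iptables restart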