Category: General Linux

1. Create a file /root/iptables.sh
2. Paste in the text below and edit as required
3. Give it execute permissions
4. ./iptables.sh to run it and it will update iptables as required
5. To check iptables, run: service iptables status

### SCRIPT ###
service iptables stop

# Drop all incoming traffic
iptables -P INPUT DROP

# Drop all forwarded traffic
iptables -P FORWARD DROP

# Drop all outgoing traffic
iptables -P OUTPUT DROP

# Allow all outgoing traffic
iptables -P OUTPUT ACCEPT

# Allow returning packets
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow MySQL only from a certain network
#iptables -A INPUT -p tcp -m tcp -s XXX.XXX.XXX.0/24 --dport 3306 -j ACCEPT

# Allow local traffic
iptables -A INPUT -i lo -j ACCEPT

# Allow incoming SSH on port 22
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# Allow incoming 21
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

# Allow incoming 3306
iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

# Allow incoming 80
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

# Allow incoming 443
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

# Allow ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

iptables-save > /etc/sysconfig/iptables
chmod go-r /etc/sysconfig/iptables
sudo service iptables restart
### /SCRIPT ###

 

Tags:

Linux

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.