IPTables – Initial configuration script

This script clears all firewall rules, sets standard values for chains, and opens access via SSH, HTTP and HTTPS

#!/bin/bash

iptables -F
iptables -X

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP

After remember to save the firewall rules

iptables-save > /etc/sysconfig/iptables.save

or

service iptables save

Saving depends on the distribution you are using.

0 0 vote
Article Rating

Tagged: Tags

Подписаться
Уведомление о
guest
0 Comments
Inline Feedbacks
View all comments