IPTables example - basic up and running
Mon, 2006-11-13 09:31 — superuser
After editing /etc/sysconfig/iptables, load it with iptables-restore < /etc/sysconfig/iptables; you can then confirm the rules with iptables -L.
#Defaults - Don't forward or allow anything in by default, but allow outgoing by default
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-I OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#####################################################
# IP restrict SSH to known hosts
# The office static IP
-A INPUT -p tcp -m tcp -s 193.193.193.193 --dport 22 -j ACCEPT
# Joe Bloggs home cable dynamic /24
-A INPUT -p tcp -m tcp -s 86.86.86.0/24 --dport 22 -j ACCEPT
#####################################################
# Allow HTTP, HTTPS & SMTP to all
-A INPUT -p tcp -m tcp -s 0/0 --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp -s 0/0 --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp -s 0/0 --dport 25 -j ACCEPT
##################################################
# Allow ping from all
-A INPUT -p icmp -j ACCEPT
COMMIT
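A pre-load check for a ruleset in this format, added here as an example and not part of the original post: it parses the file, reports the chain policies and the ports open to any source, and confirms that a given client address is still covered by an SSH ACCEPT rule. The function names and the embedded sample are constructed for illustration, and the check assumes an ACCEPT-only INPUT chain like the one above.

```python
import ipaddress

# Constructed sample in iptables-save format, mirroring the rules on this page.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp -s 193.193.193.193 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 86.86.86.0/24 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 0/0 --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp -s 0/0 --dport 443 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
"""

def _opt(tok, flag, default=None):
    """Value following `flag` in a tokenised rule, or `default` if absent."""
    return tok[tok.index(flag) + 1] if flag in tok else default

def parse(text):
    """Return (policies, accepts); accepts = [(source_network, dport)] for INPUT ACCEPT rules."""
    policies, accepts = {}, []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0].startswith(":"):                      # e.g. ":INPUT DROP [0:0]"
            policies[tok[0][1:]] = tok[1]
        elif tok[0] in ("-A", "-I") and tok[1] == "INPUT" and _opt(tok, "-j") == "ACCEPT":
            src = _opt(tok, "-s", "0.0.0.0/0")
            src = "0.0.0.0/0" if src == "0/0" else src  # iptables shorthand for "any"
            accepts.append((ipaddress.ip_network(src, strict=False), _opt(tok, "--dport")))
    return policies, accepts

def ssh_allowed(text, client_ip, port="22"):
    """True if some INPUT ACCEPT rule for `port` covers client_ip.
    Assumes an ACCEPT-only chain as on this page; earlier DROP/REJECT rules are not modelled."""
    ip = ipaddress.ip_address(client_ip)
    return any(dport == port and ip in net for net, dport in parse(text)[1])

def world_open_ports(text):
    """Ports accepted from any source address."""
    return sorted(int(p) for net, p in parse(text)[1] if p and net.prefixlen == 0)

if __name__ == "__main__":
    print(parse(SAMPLE)[0], world_open_ports(SAMPLE), ssh_allowed(SAMPLE, "86.86.86.40"))
```

Run it against the edited file with your own client address before loading the rules, so an edit that drops your SSH source is caught while the old ruleset is still active.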