Iptables example: a simple firewall script


# flush all chains
iptables -F

# set the default policy for each of the pre-defined chains
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP

# allow all traffic on loopback. If you don't do this, various processes, such as Postfix, will break:
iptables -A INPUT -i lo -j ACCEPT

# allow establishment of connections initialised by my outgoing packets
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# allow server ports
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT

# redirect port 8080 to port 80 
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-port 80

# drop everything else
iptables -A INPUT -j DROP 

No comments:

Post a Comment