iptables examples

# firewall.stop
# Script to flush all firewall rulesets
#

set -x

#!/bin/sh
# My system IP/set ip address of server
# Flushing all rules
iptables -F
iptables -X

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP


# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT





# Allow incoming ssh only
iptables -A INPUT -p tcp -s 54.263.22.76 -d 306.143.211.234/gc --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 203.122.55.101 -d 306.143.211.234/gc --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 208.183.110.234 -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT

#allow mysql connection
iptables -A INPUT -p tcp -s 54.263.22.76 --sport 1024:65535 -d 208.183.110.234 --dport 3306 -m state --stateNEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 208.183.110.234 --sport 1024:65535 -d 306.143.211.234/gc --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 208.183.110.234 --sport 3306 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT




#allow FTP connection
iptables -A INPUT -p tcp -s 54.263.22.76 --sport 1024:65535 -d 306.143.211.234/gc --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 208.183.110.234 --sport 1024:65535 -d 306.143.211.234/gc --dport 21 -m state --stateNEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 208.183.110.234 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED-j ACCEPT


#open smtp port 25
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 306.143.211.234 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED-j ACCEPT


#open port 465
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 306.143.211.234 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 465 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT


#open http port
# allow incoming connectino http
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 06.183.111.235 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 80 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED-j ACCEPT


# allow outgoing connectino http
iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 1024:65535 -d 0/0 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 80 -d 306.143.211.234 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT






#open dns port

#iptables -A OUTPUT -p tcp -s 306.143.211.234 --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

#iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 306.143.211.234 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT



#iptables -A OUTPUT -p udp -s 306.143.211.234 --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

#iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d 306.143.211.234/gc --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT



##allow icmp ports
iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT





####
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT



# make sure nothing comes or goes out of this box
iptables -A INPUT -j DROP
iptables -A OUTPUT -j ACCEPT

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Other Articles

Enter your email address: