Ning Ma blog

my technology tips

Common iptables rules

# Allow outgoing traffic and disallow any passthroughs

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Allow traffic already established to continue

iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

# Allow ssh, ftp and web services

iptables -A INPUT -p tcp –dport ssh -i eth0 -j ACCEPT
iptables -A INPUT -p tcp –dport ftp -i eth0 -j ACCEPT
iptables -A INPUT -p udp –dport ftp -i eth0 -j ACCEPT
iptables -A INPUT -p tcp –dport ftp-data -i eth0 -j ACCEPT
iptables -A INPUT -p udp –dport ftp-data -i eth0 -j ACCEPT
iptables -A INPUT -p tcp –dport 80 -i eth0 -j ACCEPT

# Allow local loopback services

iptables -A INPUT -i lo -j ACCEPT

# Allow pings

iptables -I INPUT -p icmp –icmp-type destination-unreachable -j ACCEPT
iptables -I INPUT -p icmp –icmp-type source-quench -j ACCEPT
iptables -I INPUT -p icmp –icmp-type time-exceeded -j ACCEPT

# DNS server
iptables -A INPUT -p tcp –dport domain -i eth0 -j ACCEPT

Leave a Reply

Your email address will not be published. Required fields are marked *

*