Thursday, February 10, 2011

iptables

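#!/usr/bin/env bash
# Minimal host firewall for a server that exposes SSH, HTTP and HTTPS.
#
# Rules are appended (-A) in the order they are evaluated, so the chain
# reads top-to-bottom: loopback, established traffic, the allowed
# services, a rate-limited LOG of everything else, then DROP.
# (The earlier version built the chain with -A and then inserted the LOG
# rule at fixed position 5 with -I; after the loopback insert that
# position was *ahead* of the 443 ACCEPT, so accepted HTTPS packets were
# logged as "denied" while genuine denials were not logged at all.)
#
# Must run as root. Re-running rebuilds INPUT instead of appending
# duplicate rules.
set -euo pipefail

readonly rules_file=/etc/iptables.rules
# TCP services reachable from outside. Extend this list rather than
# copy-pasting ACCEPT lines.
readonly -a allowed_tcp_ports=(22 80 443)

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "must be run as root"

# Start from an empty INPUT chain so re-runs do not append duplicates.
# NOTE: this also discards INPUT rules added by any other tooling.
iptables -F INPUT

# Loopback first: local services talk to each other over lo.
iptables -A INPUT -i lo -j ACCEPT

# Replies to connections this host initiated or has already accepted.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# New inbound connections to the published services. Matching only NEW
# keeps out-of-state packets out of the ACCEPT path; established flows
# were already matched above.
for port in "${allowed_tcp_ports[@]}"; do
  iptables -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
done

# Log what is about to be dropped. `-m limit` throttles the *log lines*
# (5 per minute, default burst 5) so a flood cannot fill the log; it does
# not count attempts per client or wait for a fifth attempt.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Default deny for everything not accepted above.
iptables -A INPUT -j DROP

# Show the resulting chain; -n avoids reverse-DNS lookups on every rule.
iptables -L INPUT -v -n

# Persist (with counters) for iptables-restore at boot.
iptables-save -c > "$rules_file"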

# Edit the network interfaces file so the saved rules are restored before the interface is brought up
vi /etc/network/interfaces

iface eth0 inet dhcp
 pre-up iptables-restore < /etc/iptables.rules

