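# Build the INPUT chain in its final order, top to bottom, so every rule's
# position is explicit. The original appended the DROP first and then used
# `-I INPUT 5` for the LOG rule; after the loopback rule was inserted at
# position 1, that put LOG *before* the HTTPS ACCEPT, so every new
# connection to 443 was logged as "iptables denied:" and burned the
# rate-limit budget meant for genuinely dropped packets.

# Accept loopback first: local services talk to each other over lo.
iptables -A INPUT -i lo -j ACCEPT
# Allow replies to connections this host initiated, plus related traffic
# (e.g. ICMP errors for those flows), to come back in.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Open SSH, HTTP, HTTPS to new inbound connections.
# NOTE(review): SSH is reachable from any source address here; on an
# Internet-facing host consider restricting it with `-s <cidr>` or
# rate-limiting new connections.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Log what is about to be dropped. `-m limit --limit 5/min` caps logging at
# 5 entries per minute (default burst 5) so a flood cannot fill syslog; it
# does not count "failed attempts" or wait for 5 of them. Log level 7 is
# debug -- raise it (e.g. 4 = warning) if the syslog config discards debug.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Drop everything else. Because this is a trailing rule rather than
# `-P INPUT DROP`, an `iptables -F` leaves the host wide open (the default
# policy is ACCEPT); setting the chain policy as well is the safer choice.
iptables -A INPUT -j DROP
# These rules cover IPv4 only. If the host has IPv6 addresses, ip6tables
# needs an equivalent chain or the same ports are unfiltered over IPv6.
# Inbound ICMP (e.g. ping) is not accepted by anything above except as
# part of an established/related flow.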
# Show every chain with per-rule packet and byte counters so the ordering
# and hit counts can be eyeballed before saving.
iptables --list --verbose
# Persist the live ruleset, counters included, for restoration at boot.
iptables-save --counters > /etc/iptables.rules
# Restore the saved rules *before* eth0 is brought up, so there is no window
# in which the interface is up with an empty (accept-everything) INPUT chain.
# This uses ifupdown's /etc/network/interfaces; hosts managed by another
# network stack (netplan, NetworkManager, systemd-networkd) need a different
# hook, e.g. the iptables-persistent package.
vi /etc/network/interfaces
# The next two lines are the stanza to add to the file (ifupdown syntax),
# not shell commands: `pre-up` belongs under the `iface eth0` stanza.
# iptables-restore without -c ignores the counter values that
# `iptables-save -c` wrote, which is fine for a boot-time restore.
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.rules