The following config is basic: it allows all outgoing traffic and blocks all incoming traffic that is not local.
Create a file with the .sh extension (or any other).
# touch /root/firewall.sh
Grant it execute permission with:
# chmod +x /root/firewall.sh
Append the following content to the file /root/firewall.sh.
# nano /root/firewall.sh
Append the following content to the file /root/firewall.sh.
# nano /root/firewall.sh
"""
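#!/bin/bash
# Basic host firewall (IPv4 only): allow all outgoing traffic, allow incoming
# traffic on the loopback interface and replies to connections this host
# opened itself, and drop every other incoming packet.
#
# Must run as root. The tutorial runs it with `sh`, so only POSIX shell
# features are used here (no pipefail, no [[ ]]).
#
# NOTE: iptables configures IPv4 only. If IPv6 is enabled on the host these
# rules leave incoming IPv6 traffic unfiltered; mirror them with ip6tables
# (keeping ICMPv6 allowed, which IPv6 needs in order to work at all).

# Abort on the first failing command or unset variable.
set -eu

# Open the default policies first, so the flush below cannot lock out an
# existing remote session (e.g. SSH) while the rule set is being rebuilt.
# FORWARD stays ACCEPT as in the original; it only affects packets this host
# routes for others (net.ipv4.ip_forward), not traffic addressed to the host.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# Reset: flush all rules, delete user-defined chains, zero the counters.
iptables -F
iptables -X
iptables -Z
iptables -t nat -F

# Allow full access on the loopback interface.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow incoming packets that belong to (or are related to) a connection
# already tracked by conntrack, i.e. replies to connections we opened.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Drop everything else arriving on INPUT. Done as the chain policy rather
# than a trailing `-A INPUT -j DROP` rule, so that rules appended later by
# hand (e.g. to open a port) are still evaluated instead of being shadowed.
# This also drops all incoming ICMP (ping, fragmentation-needed); uncomment
# the next line if ping or path-MTU discovery are needed:
# iptables -A INPUT -p icmp -j ACCEPT
iptables -P INPUT DROP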
"""
Save the file with Ctrl+O.
The following config allows incoming traffic to SSH, MySQL and nginx.
"""
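#!/bin/bash
# Host firewall (IPv4 only) for a web/database server: allow all outgoing
# traffic, loopback, replies to established connections, everything from one
# trusted address, SSH from anywhere and HTTP/HTTPS/MySQL from anywhere;
# drop every other incoming packet.
#
# Must run as root. The tutorial runs it with `sh`, so only POSIX shell
# features are used here (no pipefail, no [[ ]]).
#
# NOTE: iptables configures IPv4 only. If IPv6 is enabled on the host these
# rules leave incoming IPv6 traffic unfiltered; mirror them with ip6tables
# (keeping ICMPv6 allowed, which IPv6 needs in order to work at all).

# Abort on the first failing command or unset variable.
set -eu

# Address granted full access on INPUT. 8.8.8.8/32 is the tutorial's example
# value; replace it with your own management host.
TRUSTED_HOST="8.8.8.8/32"
# TCP port opened to every source for SSH.
SSH_PORT=22
# TCP ports opened to every source: HTTP, HTTPS and MySQL.
WEB_DB_PORTS="80,443,3306"

# Open the default policies first, so the flush below cannot lock out an
# existing remote session (e.g. SSH) while the rule set is being rebuilt.
# FORWARD stays ACCEPT as in the original; it only affects packets this host
# routes for others (net.ipv4.ip_forward), not traffic addressed to the host.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# Reset: flush all rules, delete user-defined chains, zero the counters.
iptables -F
iptables -X
iptables -Z
iptables -t nat -F

# Allow full access on the loopback interface.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow incoming packets that belong to (or are related to) a connection
# already tracked by conntrack, i.e. replies to connections we opened.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow everything (any protocol, any port) from the trusted address.
iptables -A INPUT -s "$TRUSTED_HOST" -j ACCEPT

# Allow incoming SSH from any source.
iptables -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT

# Allow incoming HTTP, HTTPS and MySQL in one rule (`-m tcp` is implied by
# `-p tcp`, so it is not repeated). Opening 3306 to every source exposes
# MySQL to the whole network; in practice restrict it to the application
# host(s) with a separate rule carrying `-s <app-host>` and keep only
# 80,443 here.
iptables -A INPUT -p tcp -m multiport --dports "$WEB_DB_PORTS" -j ACCEPT

# Drop everything else arriving on INPUT. Done as the chain policy rather
# than a trailing `-A INPUT -j DROP` rule, so that rules appended later by
# hand are still evaluated instead of being shadowed. This also drops all
# incoming ICMP (ping, fragmentation-needed); uncomment the next line if
# ping or path-MTU discovery are needed:
# iptables -A INPUT -p icmp -j ACCEPT
iptables -P INPUT DROP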
"""
To activate the rules, run the following command.
# Drop all port listen
iptables -A INPUT -j DROP
"""
To activate the rules, run the following command.
# sh /root/firewall.sh
Check the rules with:
# iptables -L