IPTables Firewall - Example Config

This is an example iptables firewall configuration in the iptables-save format that Red Hat Enterprise Linux and CentOS load from /etc/sysconfig/iptables (with service iptables restart, or by hand with iptables-restore < file). Rules in a chain are evaluated top to bottom and the first match decides, so the order below matters: accept the loopback interface and already-established traffic first, drop the block list next, then the explicit allow rules, and let everything else fall through to the DROP policy. Check the file with iptables-restore --test before applying it on a remote host, and make sure the rule that lets your own management network reach port 22 is present, or the DROP policy will lock you out.

###########
## IPTABLES FIREWALL CONFIGURATION
## Rules are matched top to bottom and the first match wins; a packet that
## matches nothing falls through to the chain policy set at the bottom.
###########

*filter

##ALLOW loopback interface (local services talking to 127.0.0.1)
-A INPUT -i lo -j ACCEPT

##ALLOW packets of connections conntrack already knows about: replies to
##connections this server started, and further packets of inbound
##connections accepted below. Most traffic matches here and goes no further.
##(-m state still works; newer rulesets write -m conntrack --ctstate instead.)
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

##BLOCK listed source ranges. Because these sit after the state rule, a
##connection that is already established from one of these ranges keeps
##working; put them above the state rule if a block must cut live sessions.
-A INPUT -s 61.225.15.0/24 -j DROP
-A INPUT -s 118.167.0.0/16 -j DROP
-A INPUT -s 114.45.0.0/16 -j DROP
-A INPUT -s 121.96.0.0/18 -j DROP

##Restrictions (disabled): per-source rate limits with the recent module.
##The --update rules match once the source has --hitcount hits within
##--seconds; the --set rule records a hit for each new connection it accepts.
##A matching --update rule records a hit as well, so with LOG and DROP both
##using --update every dropped attempt counts twice; use --rcheck on the LOG
##rule to avoid that. Hitcount 2 in 60 seconds means a third new SSH
##connection from the same source within a minute is dropped, which is
##tight for anyone who mistypes a password and reconnects.
#-A INPUT -p icmp -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name ICMP -j LOG  --log-prefix "**IPTABLES**ICMP DENY**"
#-A INPUT -p icmp -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name ICMP -j DROP
#-A INPUT -p icmp -m state --state NEW -m recent --set --name ICMP -j ACCEPT

#-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 --name SSH -j LOG --log-prefix "**IPTABLES**SSH DENY**"
#-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 --name SSH -j DROP
#-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT

##ALLOW ONLY the 192.168.0.0/16 network to SSH (255.255.0.0 is the /16 mask)
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp --dport 22 -j ACCEPT

##ALLOW ANY source to the following ports (SSH from anywhere is left
##commented out on purpose; it is only reachable from 192.168.0.0/16 above)
#-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

##ALLOW one specific host to the following ports (IMAPS and MySQL; POP3S disabled)
#-A INPUT -s 192.168.5.1 -p tcp --dport 995 -j ACCEPT
-A INPUT -s 192.168.5.1 -p tcp --dport 993 -j ACCEPT
-A INPUT -s 192.168.5.1 -p tcp --dport 3306 -j ACCEPT

##ALLOW icmp echo-request (ping) from anywhere. ICMP error messages such as
##fragmentation-needed arrive as RELATED and are already accepted by the
##state rule above, so they need no rule here. The second commented line is
##the rate-limited alternative if the host should not answer ping floods.
#-A INPUT -p icmp --icmp-type any -j ACCEPT
#-A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/s --limit-burst 5 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT

##LOGGING (disabled): log whatever reaches this point before the DROP policy
##discards it. Rate-limit it with -m limit on a busy host or it floods syslog.
#-A INPUT -j LOG --log-tcp-options --log-ip-options

##DEFAULT policy DROP for each chain: anything not accepted above is dropped.
##OUTPUT DROP is softened by the OUTPUT rule above, which lets this server
##open any outbound connection; effectively only packets conntrack marks
##INVALID are dropped on the way out.
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP

COMMIT
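With a DROP policy, a missing or mis-ordered accept shows up as a lockout, so it is worth tracing what the chain does to the connections you depend on before loading it. The script below is an added example, not code from the original page or from the VMadmin site: it parses the iptables-save text into INPUT rules, walks constructed test packets top to bottom with first match winning, and falls through to the chain policy. It models only the matches this config uses (-i, -s, -p, --dport, --icmp-type and -m state --state); conntrack state is supplied with each packet rather than tracked, the recent-module rate limits are ignored, and the interface name eth0, the 203.0.113.0/24 addresses and the sample packets are made-up test data.

```python
"""Offline first-match evaluator for one chain of an iptables-save ruleset.

Added example, not from the original page. Models only the matches the page's
config uses (-i, -s, -p, --dport, --icmp-type, -m state --state); conntrack
state is supplied with each test packet and -m recent is not modelled.
"""
import ipaddress
import shlex

# Constructed input: the page's active INPUT rules (commented rules omitted).
RULESET = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 61.225.15.0/24 -j DROP
-A INPUT -s 118.167.0.0/16 -j DROP
#-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -s 192.168.5.1 -p tcp --dport 3306 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
-P INPUT DROP
COMMIT
"""

def parse_chain(text, chain="INPUT"):
    """Return (rules, policy) for one chain; built-in chains default to ACCEPT."""
    rules, policy = [], "ACCEPT"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#*" or line == "COMMIT":
            continue
        if line.startswith(":"):            # ":INPUT DROP [0:0]" chain header form
            name, pol = line[1:].split()[:2]
            if name == chain:
                policy = pol
            continue
        argv = shlex.split(line)
        if argv[:2] == ["-P", chain]:
            policy = argv[2]
            continue
        if argv[:2] != ["-A", chain]:        # rule for another chain
            continue
        match, target, i = {}, None, 2
        while i < len(argv):
            opt = argv[i]
            val = argv[i + 1] if i + 1 < len(argv) else None
            if opt == "-m":                  # extension name; its options follow
                pass
            elif opt == "-j":
                target = val
            elif opt == "-i":
                match["iface"] = val
            elif opt == "-s":                # CIDR or dotted netmask; a bare host is /32
                match["src"] = ipaddress.ip_network(val, strict=False)
            elif opt == "-p":
                match["proto"] = val
            elif opt == "--dport":
                match["dport"] = int(val)
            elif opt == "--icmp-type":
                match["icmp_type"] = val
            elif opt == "--state":
                match["states"] = set(val.split(","))
            else:                            # refuse to guess at options not modelled
                raise ValueError(f"unsupported option {opt!r} in rule: {line}")
            i += 2
        rules.append({"match": match, "target": target, "text": line})
    return rules, policy

def rule_matches(match, pkt):
    """Every option present in the rule must hold; an absent option matches all."""
    for key in ("iface", "proto", "dport", "icmp_type"):
        if key in match and pkt.get(key) != match[key]:
            return False
    if "src" in match and ipaddress.ip_address(pkt["src"]) not in match["src"]:
        return False
    if "states" in match and pkt.get("state") not in match["states"]:
        return False
    return True

def verdict(rules, policy, pkt):
    """First matching rule decides; otherwise the chain policy does."""
    for rule in rules:
        if rule_matches(rule["match"], pkt):
            return rule["target"], rule["text"]
    return policy, "chain policy"

# Constructed test packets; eth0 and 203.0.113.0/24 (a documentation range) are made up.
PACKETS = {
    "ssh from LAN": dict(iface="eth0", src="192.168.1.10", proto="tcp", dport=22, state="NEW"),
    "ssh from internet": dict(iface="eth0", src="203.0.113.5", proto="tcp", dport=22, state="NEW"),
    "https from internet": dict(iface="eth0", src="203.0.113.5", proto="tcp", dport=443, state="NEW"),
    "http from blocked net": dict(iface="eth0", src="61.225.15.7", proto="tcp", dport=80, state="NEW"),
    "live conn from blocked net": dict(iface="eth0", src="61.225.15.7", proto="tcp", dport=80, state="ESTABLISHED"),
    "mysql from wrong host": dict(iface="eth0", src="192.168.5.2", proto="tcp", dport=3306, state="NEW"),
    "icmp frag-needed (PMTU)": dict(iface="eth0", src="203.0.113.1", proto="icmp", icmp_type="fragmentation-needed", state="RELATED"),
}

def evaluate_all(text=RULESET, packets=PACKETS, chain="INPUT"):
    """Map each test packet label to the action the chain takes on it."""
    rules, policy = parse_chain(text, chain)
    return {label: verdict(rules, policy, pkt)[0] for label, pkt in packets.items()}

if __name__ == "__main__":
    rules, policy = parse_chain(RULESET)
    for label, pkt in PACKETS.items():
        action, why = verdict(rules, policy, pkt)
        print(f"{label:28} -> {action:6} via {why}")
```

Two of the results are the ones worth staring at: "ssh from internet" is dropped by the chain policy because the allow for port 22 from anywhere is commented out, which is the intent, and "live conn from blocked net" is accepted because the block list sits below the state rule, so it stops new connections from those ranges but not sessions that are already open. The evaluator is deliberately narrow and raises on any option it does not model rather than guessing; it is a sanity check, not a substitute for iptables-restore --test on the real file.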

DISCLAIMER: All advice, tips, guides and other information on this website is provided as-is with no warranty or guarantee. While most information is correct to the best of my knowledge, I am not responsible for any issues that may arise in using the information, and you do so at your own risk. As always before doing anything; check, double check, test and always make a backup.

 

Help VMadmin

All resources on this site are provided absolutely free. However it takes time and money to keep the site running. If any information has been helpful to you or your company, and you wish to make a donation to help keep VMadmin.co.uk running you can do so via paypal, and it would be much appreciated.