This is an example IPTABLES firewall config file.

 

 

###########
## IPTABLES FIREWALL CONFIGURATION
###########

*filter

##ALLOW loopback interface
-A INPUT -i lo -j ACCEPT

##ALLOW connections that originate from this server
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

##Block
-A INPUT -s 61.225.15.0/24 -j DROP
-A INPUT -s 118.167.0.0/16 -j DROP
-A INPUT -s 114.45.0.0/16 -j DROP
-A INPUT -s 121.96.0.0/18 -j DROP

##Restrictions
#-A INPUT -p icmp -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name ICMP -j LOG  --log-prefix "**IPTABLES**ICMP DENY**"
#-A INPUT -p icmp -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name ICMP -j DROP
#-A INPUT -p icmp -m state --state NEW -m recent --set --name ICMP -j ACCEPT

#-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 --name SSH -j LOG --log-prefix "**IPTABLES**SSH DENY**"
#-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 --name SSH -j DROP
#-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT

##ALLOW ONLY 192.168.0.0 network to the following ports
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp --dport 22 -j ACCEPT

##ALLOW ANY to the following ports
#-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

##ALLOW specific to the following ports
#-A INPUT -s 192.168.5.1 -p tcp --dport 995 -j ACCEPT
-A INPUT -s 192.168.5.1 -p tcp --dport 993 -j ACCEPT
-A INPUT -s 192.168.5.1 -p tcp --dport 3306 -j ACCEPT

##ALLOW icmp
#-A INPUT -p icmp --icmp-type any -j ACCEPT
#-A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/s --limit-burst 5 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT

##LOGGING
#-A INPUT -j LOG --log-tcp-options --log-ip-options

##DEFAULT set DROP as default rule for each chain
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP

COMMIT

Share this blog post on social media:

Social Links

Disclaimer

All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.

Copyright ©2008-2021 Andy Barnes - Please do not copy any content including images without prior consent!

Designed and Hosted by Andy Barnes

We use cookies

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.