This is an example IPTABLES firewall config file.

 

 

###########
## IPTABLES FIREWALL CONFIGURATION
###########

*filter

##ALLOW loopback interface
-A INPUT -i lo -j ACCEPT

##ALLOW connections that originate from this server
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

##Block
-A INPUT -s 61.225.15.0/24 -j DROP
-A INPUT -s 118.167.0.0/16 -j DROP
-A INPUT -s 114.45.0.0/16 -j DROP
-A INPUT -s 121.96.0.0/18 -j DROP

##Restrictions
#-A INPUT -p icmp -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name ICMP -j LOG  --log-prefix "**IPTABLES**ICMP DENY**"
#-A INPUT -p icmp -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name ICMP -j DROP
#-A INPUT -p icmp -m state --state NEW -m recent --set --name ICMP -j ACCEPT

#-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 --name SSH -j LOG --log-prefix "**IPTABLES**SSH DENY**"
#-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 --name SSH -j DROP
#-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT

##ALLOW ONLY 192.168.0.0 network to the following ports
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp --dport 22 -j ACCEPT

##ALLOW ANY to the following ports
#-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

##ALLOW specific to the following ports
#-A INPUT -s 192.168.5.1 -p tcp --dport 995 -j ACCEPT
-A INPUT -s 192.168.5.1 -p tcp --dport 993 -j ACCEPT
-A INPUT -s 192.168.5.1 -p tcp --dport 3306 -j ACCEPT

##ALLOW icmp
#-A INPUT -p icmp --icmp-type any -j ACCEPT
#-A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/s --limit-burst 5 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT

##LOGGING
#-A INPUT -j LOG --log-tcp-options --log-ip-options

##DEFAULT set DROP as default rule for each chain
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP

COMMIT

Share this blog post on social media:

Social Links

Disclaimer

All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.

Copyright ©2016 Andy Barnes - Please do not copy any content including images without prior consent!

Designed and Hosted by Andy Barnes