@FromeXo
Last active February 6, 2024 17:53
iptables
#!/bin/sh
# Host firewall: flush the filter table, then set default policies.
# INPUT and FORWARD default to DROP; OUTPUT is allowed by default, so the
# OUTPUT rules below are currently no-ops and only matter if that policy is
# later changed to DROP.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Allow everything on loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Allow established tcp connections (placed first: it is the most-hit rule and
# keeps an in-flight SSH session alive while the remaining rules are loaded)
iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
# SSH, only from the listed campus ranges
iptables -A INPUT -s 193.10.128.0/17,212.25.132.0/23 -p tcp --dport 22 -j ACCEPT
# PING (echo-reply and echo-request)
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
# School DNS: outbound queries may open a new conntrack entry; inbound
# replies are only accepted when they match an existing one (ESTABLISHED)
iptables -A OUTPUT -p udp -d 193.10.203.11,193.10.203.12 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 193.10.203.11,193.10.203.12 --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d 193.10.203.11,193.10.203.12 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 193.10.203.11,193.10.203.12 --sport 53 -m state --state ESTABLISHED -j ACCEPT
# DNS servers: same pattern. The INPUT rules are ESTABLISHED only, so a
# packet that merely carries source port 53 from these hosts cannot open a
# new inbound connection (the original gist accepted NEW here as well).
iptables -A OUTPUT -p udp -d 193.10.236.158,193.10.236.159 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 193.10.236.158,193.10.236.159 --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d 193.10.236.158,193.10.236.159 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 193.10.236.158,193.10.236.159 --sport 53 -m state --state ESTABLISHED -j ACCEPT