Last active
April 3, 2019 20:35
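#!/bin/sh
# Idempotently make sure a baseline set of ACCEPT rules, the jump to
# OS_FIREWALL_ALLOW, and a final catch-all REJECT exist in the filter table.
# Every rule is checked with `iptables -C` first and appended with `-A` only
# when it is missing, so re-running the script does not create duplicates.
#
# Review caveats:
#   * `-A` appends to the END of a chain. If INPUT already ends in the
#     catch-all REJECT, a rule appended here lands after it and never matches.
#     ensure_rule warns when that happens; the rule then has to be moved above
#     the REJECT by hand.
#   * OS_FIREWALL_ALLOW is never created here (no `iptables -N`); the script
#     assumes it already exists. If it does not, the jump and the per-port
#     rules fail while the final REJECT is still added.
#   * No rule restricts the source address, so each port is reachable from any
#     host that can route to this machine.
#   * Nothing is persisted: the save command at the bottom is commented out.

# Succeeds when the catch-all REJECT is already present in INPUT.
input_reject_present() {
  iptables -w -C INPUT -j REJECT --reject-with icmp-host-prohibited 2>/dev/null
}

# ensure_rule CHAIN RULE-SPEC...
# Appends the rule to CHAIN unless an identical rule is already there.
# The rule spec is written once and reused for both the check and the append,
# so the two cannot drift apart. Returns the status of the append when one
# is attempted, 0 when the rule already exists.
ensure_rule() {
  # stderr of -C is dropped: "Bad rule (does a matching rule exist...)" is the
  # normal answer for a missing rule. Any real failure is reported by -A below.
  if iptables -w -C "$@" 2>/dev/null; then
    return 0
  fi
  if [ "$1" = INPUT ] && input_reject_present; then
    printf 'warning: INPUT already ends in a catch-all REJECT; appended rule will not match until moved above it: %s\n' "$*" >&2
  fi
  iptables -w -A "$@"
}

ensure_rule INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ensure_rule INPUT -p icmp -j ACCEPT
ensure_rule INPUT -i lo -j ACCEPT

# Make sure ssh access is there (added before the REJECT so a fresh ruleset
# does not lock out remote administration).
ensure_rule INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

ensure_rule INPUT -j OS_FIREWALL_ALLOW

# NOTE(review): these look like OpenShift/Kubernetes node ports - confirm
# against the services actually running on this host and drop what is unused.
# NOTE(review): 4789 is the IANA VXLAN port, which is carried over UDP; this
# loop opens TCP only - confirm whether a UDP rule was intended.
# NOTE(review): "9000:10000" opens 1001 ports at once; narrow it if the
# consumers are known.
for port in 10010 10250 10256 80 443 4789 "9000:10000" 1936; do
  ensure_rule OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport "$port" -j ACCEPT
done

# Catch-all: anything not accepted above is rejected.
ensure_rule INPUT -j REJECT --reject-with icmp-host-prohibited

# Save the changes to sysconfig/iptables
# (left disabled: without it the rules above are lost on reboot or when the
# iptables service reloads its saved configuration)
# /usr/libexec/iptables/iptables.init save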