Common firewall config for Linux - bash file
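#!/usr/bin/env bash
#
# Common IPv4 firewall configuration (iptables, filter table).
#
# Resulting policy: INPUT and FORWARD default to DROP; inbound traffic is
# accepted only for loopback, related/established connections, ICMP,
# SSH (22), HTTP/HTTPS (80/443) and DNS (53/udp, 53/tcp).
#
# Notes:
#   - Only IPv4 is configured. ip6tables is not touched, so IPv6 traffic
#     keeps whatever policy it currently has (ACCEPT on a default install).
#   - The OUTPUT chain policy is not changed; the OUTPUT rules below only
#     have an effect if that policy is (or is later set to) DROP.
#   - Rules are not persisted; they are lost on reboot unless saved with
#     iptables-save or the distribution's persistence mechanism.
#   - The DROP policies are applied LAST, after the accept rules exist, so an
#     administrator running this over SSH does not lose the session while
#     the rule set is being rebuilt.

set -euo pipefail

# iptables needs root; fail early with a clear message rather than leave a
# half-applied rule set behind.
if (( EUID != 0 )); then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Delete the current firewall setup: flush all rules, then remove any
# (now empty) user-defined chains.
iptables -F
iptables -X

# Allow incoming/outgoing localhost frames for tests (e.g. Webserver, Mailserver):
iptables -A INPUT -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT

# Allow loopback frames for the internal process management (covers every
# address on lo, not just 127.0.0.1):
iptables -A INPUT -i lo -j ACCEPT

# Allow incoming/outgoing related-established connections:
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Allow incoming ICMP (all types, which includes PING requests):
iptables -A INPUT -p icmp -j ACCEPT

# Allow incoming SSH connections:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow incoming HTTP/HTTPS requests:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow incoming DNS requests:
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT

# Define default policies for INPUT and FORWARD now that the accept rules
# are in place; anything not matched above is dropped from here on.
iptables -P INPUT DROP
iptables -P FORWARD DROP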