Tags » Iptables

Linux iptables example

Introduction

The following shows a typical example of a Linux iptables firewall configuration: a default-DROP host firewall that loads the needed kernel modules, allows loopback and established traffic, and opens a handful of services.

Iptables script


#!/bin/bash
#
# Tool paths and the external interface. The original post's definitions of
# these variables fall outside the excerpt, so the values below are assumed;
# adjust them to your system.
IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
LSMOD=/sbin/lsmod
GREP=/bin/grep
AWK=/usr/bin/awk
HEAD=/usr/bin/head
NIC=eth0    # network interface the service rules apply to

#============================================================================
# Load one kernel module unless lsmod already lists it.
# "-w" plus the "^" anchor keeps "ip_tables" from matching "iptable_filter".
function load_one_module()
{
result=`$LSMOD | $GREP -w "^$1" | $AWK '{print $1}' | $HEAD -1`
if [ -z "$result" ]; then
	$MODPROBE "$1"
fi

}

#============================================================================
# ip_conntrack is the legacy name; current kernels call it nf_conntrack and
# modprobe simply reports an error for the missing name.
function load_modules()
{
MODULES="ip_tables iptable_filter ip_conntrack"

for mod in $MODULES; do
	load_one_module "$mod"
done

}

#============================================================================
function load_rules()
{
#------------------------------
# Load Kernel modules
#------------------------------
load_modules

#------------------------------
# Flush all existing rules
# (only the filter table; nat and mangle are untouched)
#------------------------------
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD

#------------------------------
# Set up default behaviour to DROP
# Run this from the console or with a fallback: between this point and the
# ESTABLISHED rule below an existing ssh session has no rule admitting it.
#------------------------------
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

#------------------------------
# Local loopback
# Allow only self referencing
#------------------------------
$IPTABLES -A INPUT  -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

#---------------------------------
# Allow existing connections
# This admits replies to every outbound connection, so the "client"
# rules further down are not needed for ordinary operation.
#---------------------------------
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#---------------------------------
# Allow all tcp out
# (also covers the outbound side of the http/https/mysql rules below)
#---------------------------------
$IPTABLES -A OUTPUT -o $NIC -p tcp -j ACCEPT

#---------------------------------
# ICMP
#---------------------------------
$IPTABLES -A INPUT -p icmp -j ACCEPT
$IPTABLES -A OUTPUT -p icmp -j ACCEPT

#----------------------------------
# Allow DNS (tcp 53, udp 53)
# NOTE: the "client" INPUT rules match on the SOURCE port, which any sender
# can set; they accept unsolicited traffic that the ESTABLISHED,RELATED rule
# would otherwise have blocked. Drop them unless you rely on them.
#----------------------------------
$IPTABLES -A INPUT  -i $NIC -p tcp --sport 53 -j ACCEPT # client
$IPTABLES -A INPUT  -i $NIC -p tcp --dport 53 -j ACCEPT # server

$IPTABLES -A INPUT  -i $NIC -p udp --sport 53 -j ACCEPT # client
$IPTABLES -A INPUT  -i $NIC -p udp --dport 53 -j ACCEPT # server

$IPTABLES -A OUTPUT -o $NIC -p udp --dport 53 -j ACCEPT # client
$IPTABLES -A OUTPUT -o $NIC -p udp --sport 53 -j ACCEPT # server

$IPTABLES -A OUTPUT -o $NIC -p tcp --dport 53 -j ACCEPT # client
$IPTABLES -A OUTPUT -o $NIC -p tcp --sport 53 -j ACCEPT # server

#----------------------------------
# Allow ssh (tcp 22)
# Same source-port caveat as for DNS applies to the "client" rule.
#----------------------------------
$IPTABLES -A INPUT  -i $NIC -p tcp --dport 22 -j ACCEPT # server
$IPTABLES -A INPUT  -i $NIC -p tcp --sport 22 -j ACCEPT # client

#----------------------------------
# Allow http (tcp 80) in and out
#----------------------------------
$IPTABLES -A INPUT -i $NIC -p tcp --dport 80 -j ACCEPT  # server
$IPTABLES -A INPUT -i $NIC -p tcp --sport 80 -j ACCEPT  # client

#----------------------------------
# Allow https (tcp 443) in and out
#----------------------------------
$IPTABLES -A INPUT -i $NIC -p tcp --dport 443 -j ACCEPT  # server
$IPTABLES -A INPUT -i $NIC -p tcp --sport 443 -j ACCEPT  # client

#----------------------------------
# Allow mysql (tcp 3306) in and out
# Exposing MySQL on $NIC is only appropriate if remote clients need it;
# otherwise restrict it with -s <client-network> or leave it closed.
#----------------------------------
$IPTABLES -A INPUT -i $NIC -p tcp --dport 3306 -j ACCEPT  # server
$IPTABLES -A INPUT -i $NIC -p tcp --sport 3306 -j ACCEPT  # client

}

#============================================================================
# Open the firewall completely: flush the filter chains and set every
# policy back to ACCEPT.
function clear_rules()
{
#------------------------------
# Flush all existing rules
#------------------------------
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD

#------------------------------
# default behaviour : ACCEPT
#------------------------------
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

}
… 172 more words
Firewall

iptables and TFTP HOWTO

Reminder to self on iptables and TFTP HOWTO.

TL;DR

iptables on a TFTP server:

iptables -I INPUT -j ACCEPT -p udp -m udp --dport 69…
645 more words

Linux

Enabling Nutanix 2009 page access with allssh command

On top of the HTML5-based Prism GUI, a Nutanix cluster has nifty web pages that give additional information on what is going on in your cluster. Under normal conditions there isn't usually a need to access these pages, but they can be handy in troubleshooting or in performance testing. 650 more words

Nutanix

Installing Fail2Ban on CentOS 7

I am beginning to set up an SSH gateway for my home network. I already have the SSH server configured and exposed to the internet. Literally overnight it was discovered, and I woke up to a host in Ukraine trying to brute-force the root password. 479 more words

simple notes for reference [ddos/mail attack]

Error message:

Error message shown when visiting the main site:

Error message shown when visiting the Plesk panel:

Too many connections (Abstract.php:144)

Search for related Knowledge Base articles

If you try restarting httpd and the message shows again within 5 minutes, the site is most likely under a DDoS attack. 230 more words

Linux

Configure iptables to Allow Access to Common Services on Linux

This article gives the steps to open firewall ports on CentOS 6.x in Iptables IPv4. 799 more words

Firewalls