Basic IPtables Firewall

This is a very simple iptables firewall script to get you started. I use this all the time as a basis. It allows inbound access to your system via SSH (you can define a different port if you run SSH on a different port; you do, right? ;)), answers ping, permits outbound DNS requests, and drops everything else in all three chains. Because OUTPUT also defaults to DROP, nothing but DNS and replies to already-accepted traffic leaves the box: add rules for anything else you need (package updates, NTP, and so on) before you rely on it. The rules live only in the running kernel, so persist them with iptables-save once they work. I use this as a boilerplate for all containers in the virtual world.

#!/bin/bash
IPT="/sbin/iptables"

# Flush old rules and delete any custom chains (filter table)
$IPT --flush
$IPT --delete-chain

# Set default policies for all three built-in chains: drop unless allowed below
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP

# Allow unrestricted use of the loopback interface
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# All TCP sessions should begin with SYN: drop NEW TCP packets that do not
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -s 0.0.0.0/0 -j DROP

# Accept inbound packets that belong to connections we already know about
# (any protocol), plus new SSH connections. Change 22 if sshd listens elsewhere;
# -s 0.0.0.0/0 means any source, so narrow it to your admin network if you can.
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT

# Accept inbound ICMP echo requests (ping); the echo replies leave through
# the RELATED,ESTABLISHED rule in OUTPUT below
$IPT -A INPUT -p icmp --icmp-type 8 -s 0.0.0.0/0 -j ACCEPT

# Accept outbound packets: replies for known connections (inserted at the top
# of OUTPUT) and new outbound DNS queries over UDP
$IPT -I OUTPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
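The script above sets the DROP policies before it adds the ESTABLISHED rule and applies each rule with a separate iptables call, so there is a short window in which every packet is dropped, and a typo half-way through leaves the box in a partially configured state. The following is an added example (not the script from the post) that expresses the same policy as an iptables-restore ruleset, which the kernel loads atomically, parameterised on the SSH port and on the network allowed to open SSH, and applied behind a lockout guard. The environment variables SSH_PORT and ADMIN_NET, the functions gen_ruleset and apply_with_guard, and the use of `-m conntrack --ctstate` (the current spelling of `-m state --state`) are this example's own choices; applying it needs root and a working iptables-restore.

```shell
#!/bin/bash
# Added example, not the script from the post: the same policy rendered as an
# iptables-restore(8) ruleset so it loads atomically (no window between
# "policy DROP" and "accept ESTABLISHED"), parameterised on the SSH port and
# the source network allowed to reach it, with a lockout guard when applied.
# SSH_PORT, ADMIN_NET, gen_ruleset and apply_with_guard are this example's own
# names; it uses -m conntrack --ctstate, the current spelling of -m state.
set -eu

SSH_PORT="${SSH_PORT:-22}"           # assumption: where sshd listens
ADMIN_NET="${ADMIN_NET:-0.0.0.0/0}"  # assumption: who may open SSH; narrow it

# Print the filter table as iptables-restore input: policies, rules, COMMIT.
gen_ruleset() {
  local ssh_port="$1" admin_net="$2"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${ssh_port} -m conntrack --ctstate NEW -s ${admin_net} -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Load the ruleset (needs root). A background timer reopens INPUT after 60 s
# unless you kill it, so a mistake in the rules cannot lock you out for good.
apply_with_guard() {
  local ruleset guard
  ruleset="$(gen_ruleset "$SSH_PORT" "$ADMIN_NET")"
  printf '%s\n' "$ruleset" | iptables-restore --test   # parse only; fails loudly on typos
  ( sleep 60 && iptables -P INPUT ACCEPT && iptables -F INPUT ) &
  guard=$!
  printf '%s\n' "$ruleset" | iptables-restore
  echo "Rules loaded. Open a new SSH session to confirm access, then: kill $guard"
  echo "Persist with: iptables-save > /etc/iptables/rules.v4 (path varies by distro)"
}

case "${1:-print}" in
  print) gen_ruleset "$SSH_PORT" "$ADMIN_NET" ;;   # dry run: show what would be loaded
  apply) apply_with_guard ;;
  *)     echo "usage: $0 [print|apply]" >&2 ;;
esac
```

Run it with `print` (the default) to inspect the ruleset, and with `sudo SSH_PORT=2222 ADMIN_NET=10.0.0.0/8 ./fw.sh apply` to load it; if the new SSH session works, kill the guard process it names, otherwise wait the minute and INPUT opens again. iptables-restore replaces the whole filter table in one commit, so either the complete policy is in place or nothing changed, which is the property the one-rule-at-a-time script cannot give you.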
