#!/bin/bash
# If you use the kernel modules, make sure they are loaded
modprobe ip_tables
modprobe iptable_filter
modprobe iptable_mangle
modprobe iptable_nat
modprobe ipt_state
modprobe ipt_REJECT
modprobe ipt_LOG
# added in case you are reloading
iptables --flush
# drop all inbound by default
iptables -P INPUT DROP
# always allow loopback
iptables -A INPUT -i lo -j ACCEPT
# Allow return traffic
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT
# Allow ICMP
iptables -A INPUT -p icmp -m icmp -j ACCEPT
## SSH (Limit connection attempts)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -A INPUT -p tcp -m tcp --source 192.168.0.0/24 --dport 22 -j ACCEPT
# Log and Block
iptables -A INPUT -j LOG --log-prefix IN-FILTERBLOCK
iptables -A INPUT -j REJECT
Thursday, July 23, 2009
Basic iptables rules
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment