
Most Linux distributions seem to have their own way of handling iptables. Red Hat based distributions come with an init script, /etc/init.d/iptables, which saves/restores the configuration and allows you to check the status. So, there is a plethora of advice and ways of setting iptables up.

Mine is a simple shell script which is installed to /etc/network/if-pre-up.d/iptables, meaning it is executed prior to an interface being brought up - better to do it then than afterwards :) I provide a couple of shell functions to make it easy to write rules which are to apply to both iptables and ip6tables, etc.

Here it is in its entirety, feel free to use/copy/whatever, it's public domain.

```sh
#!/bin/sh
# Ensure sane path
PATH=/sbin:/usr/sbin:/bin:/usr/bin

# When running from the command line, provide a -v option to print the
# installed rules at the end.
verbose=
if [ "$1" = "-v" ]; then    # test reconstructed from the comment above
    verbose=1
fi

# Rather than duplicate entries for iptables and ip6tables, have some small
# wrapper functions do it for us.
#
# ip4tbl - apply ruleset for just iptables
# ip6tbl - apply ruleset for just ip6tables
# iptbl  - apply ruleset for both iptables and ip6tables
#
# Function bodies reconstructed from the descriptions above.
ip4tbl() { iptables "$@"; }
ip6tbl() { ip6tables "$@"; }
iptbl()  { iptables "$@"; ip6tables "$@"; }

# Block by default except outgoing traffic
iptbl -X
iptbl -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Permit allowed services on all interfaces.
iptbl -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptbl -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# DNS is restricted to my public DNS servers, this just runs a hidden master.
ip4tbl -A INPUT -p tcp -m tcp --dport 53 -s 213.5.89.46 -j ACCEPT
ip4tbl -A INPUT -p udp -m udp --dport 53 -s 213.5.89.46 -j ACCEPT
iptbl -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptbl -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
iptbl -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptbl -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT

# Print the installed rules if -v was given (reconstructed from the comment above).
[ -n "$verbose" ] && iptbl -L -n -v
```
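The same dual-stack wrapper pattern, as an added example that is not the script from the post: here the wrappers gain a dry-run mode (selected by the assumed `IPTBL_DRY_RUN` variable, which the original has no equivalent of) that records the generated commands instead of executing them, so the ruleset can be inspected on a machine without iptables or root, and a small audit function flags ports that were opened for IPv4 only, the gap the `iptbl` wrapper exists to prevent. The source address and port list are constructed for the example.

```sh
#!/bin/sh
# Added example (not the post's script). Dual-stack iptables wrappers with a
# dry-run mode and an audit for ports opened only in iptables.
# Assumption: IPTBL_DRY_RUN=1 records commands to $IPTBL_LOG instead of running them.

IPTBL_LOG="${IPTBL_LOG:-/tmp/iptbl-dryrun.$$}"

# $1 = binary (iptables or ip6tables), remaining args = rule. In dry-run mode the
# whole command line is appended to the log; otherwise it is executed.
run_tbl() {
    if [ -n "$IPTBL_DRY_RUN" ]; then
        printf '%s\n' "$*" >> "$IPTBL_LOG"
    else
        "$@"
    fi
}
ip4tbl() { run_tbl iptables "$@"; }
ip6tbl() { run_tbl ip6tables "$@"; }
iptbl()  { ip4tbl "$@"; ip6tbl "$@"; }

apply_ruleset() {
    : > "$IPTBL_LOG"
    # Default-deny inbound and forwarded traffic for both address families;
    # outbound stays open. Policies go first so a flush never leaves a window
    # with an ACCEPT policy and no rules.
    iptbl -P INPUT DROP
    iptbl -P FORWARD DROP
    iptbl -P OUTPUT ACCEPT
    iptbl -F
    iptbl -X
    iptbl -A INPUT -i lo -j ACCEPT
    iptbl -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # Services that should be reachable over v4 and v6 alike.
    iptbl -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    iptbl -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    # A source-restricted v4-only rule, like the post's DNS rule
    # (192.0.2.10 is a constructed TEST-NET address).
    ip4tbl -A INPUT -p udp -m udp --dport 53 -s 192.0.2.10 -j ACCEPT
    # Deliberate mistake so the audit below has something to flag: the port is
    # opened with ip4tbl, so the IPv6 side silently stays closed.
    ip4tbl -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
}

# Number of generated commands for one binary ("iptables" or "ip6tables").
count_rules() { grep -c "^$1 " "$IPTBL_LOG"; }

# Print each --dport opened in iptables that has no identical ip6tables rule.
# Rules with an explicit -s are skipped: a v4 source address cannot apply to v6.
v4_only_ports() {
    grep '^iptables .*--dport ' "$IPTBL_LOG" | grep -v -- ' -s ' | while read -r line; do
        rest=${line#"iptables "}
        grep -qxF "ip6tables $rest" "$IPTBL_LOG" ||
            printf '%s\n' "$rest" | sed 's/.*--dport \([0-9]*\).*/\1/'
    done
}

# Run directly: "IPTBL_DRY_RUN=1 sh script.sh -v" shows the generated commands
# and any v4-only ports without touching the kernel.
case "${1:-}" in
    -v)
        apply_ruleset
        if [ -n "$IPTBL_DRY_RUN" ]; then
            cat "$IPTBL_LOG"
            echo "v4-only ports: $(v4_only_ports)"
        else
            iptbl -L -n -v
        fi
        ;;
esac
```

The audit is a cheap pre-deployment check: run the script in dry-run mode from a CI job or a pre-commit hook and fail if `v4_only_ports` prints anything that is not on an explicit allow list of intentionally v4-only services.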
