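#! /bin/sh
#
# Host firewall for IPv4: default-deny INPUT with a short allow-list
# (loopback, rate-limited ping, rate-limited new SSH, replies to
# connections this host initiated) and a rate-limited LOG+DROP chain
# for everything else.
#
# Must run as root. Only the filter table of iptables is touched: the
# nat/mangle tables and ip6tables are left untouched, so IPv6 needs its
# own equivalent policy or it bypasses every rule below.
#
# Environment:
#   IPTABLES - path of the iptables binary (default /sbin/iptables)

IPT=${IPTABLES:-/sbin/iptables}

# Fail fast with one clear message instead of a permission error per rule.
if [ "$(id -u)" -ne 0 ]; then
  echo "$0: must be run as root" >&2
  exit 1
fi

##############
# Flush & Reset
##############
"$IPT" -F
"$IPT" -Z
"$IPT" -X

##############
# Default Rule
##############
"$IPT" -P INPUT DROP
# Accept replies to connections this host initiated, for every protocol
# (TCP, UDP, ICMP). The previous rule was restricted to -p tcp and was
# compensated by an unconditional "accept any UDP from source port 53",
# which let any remote host reach any UDP service on this machine simply
# by sending from port 53. Conntrack admits the genuine DNS answers, so
# that rule has been removed.
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

"$IPT" -P OUTPUT ACCEPT

"$IPT" -P FORWARD DROP

#########
# loopback
#########
"$IPT" -A INPUT -i lo -j ACCEPT

#######################
# ICMP Ping
#######################
# Answer pings at no more than 1/minute on average (burst of 10); excess
# echo-requests fall through to LOGGING and are logged, then dropped.
"$IPT" -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/m --limit-burst 10 -j ACCEPT

#######################
# ssh
#######################
# At most one new SSH connection per minute with no burst; further SYNs
# fall through to LOGGING. This also throttles legitimate reconnects, so
# it is a brute-force brake, not a replacement for key-only auth.
"$IPT" -A INPUT -p tcp --syn -m state --state NEW --dport 22 -m limit --limit 1/m --limit-burst 1 -j ACCEPT

#######################
# DNS
#######################
# No dedicated rule: answers to this host's own queries are
# ESTABLISHED/RELATED and are accepted by the stateful rule above.

#########
# logging
#########
# Everything not accepted above is logged (rate-limited so a flood
# cannot fill the log) and then dropped. The limit values are the
# match's documented defaults, spelled out so they can be tuned.
"$IPT" -N LOGGING
"$IPT" -A LOGGING -m limit --limit 3/hour --limit-burst 5 -j LOG --log-level warning --log-prefix "DROP:"
"$IPT" -A LOGGING -j DROP
"$IPT" -A INPUT -j LOGGING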