Iptables Command Line Tool Examples
Revision as of 00:00, 6 January 2016
Internal
Base Configuration
Use the content below and overwrite the existing /etc/sysconfig/iptables, then load it with the iptables init script (service iptables restart, which runs iptables-restore on that file). Because the INPUT policy is DROP, a typo that breaks the SSH accept rule locks you out of a remote host: keep your current session open until a new one succeeds, and check the file with iptables-restore --test before applying it. Note also that the ruleset accepts only ESTABLISHED packets, not RELATED ones, so ICMP error messages tied to your own connections (for example fragmentation-needed replies used by path MTU discovery) and inbound ping are dropped; add RELATED to the state rule and an ICMP rule if you need them. The -m state match is the legacy spelling; current iptables releases prefer -m conntrack --ctstate, which accepts the same state names.

<pre>
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
COMMIT
*filter
# the default INPUT chain policy is to DROP unless there's a rule that explicitly accepts the packet
:INPUT DROP
# the default FORWARD chain policy is to DROP unless there's a rule that explicitly accepts the packet; this host does not route
:FORWARD DROP
# the default OUTPUT chain policy is to ACCEPT unless there's a rule that explicitly rejects or drops the packet
:OUTPUT ACCEPT
# anything that arrives on the loopback interface is accepted (local services talking to each other)
-A INPUT -i lo -j ACCEPT
# packets belonging to a connection conntrack already knows (replies to connections we initiated,
# and further packets of inbound connections already accepted below) are accepted
-A INPUT -m state --state ESTABLISHED -j ACCEPT
# by default, we allow SSH on port 22 on all interfaces - we may want to change that and be more selective
# (for example restrict it with -i eth0 or -s <management network>)
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#
# everything else coming from outside is dropped by the INPUT policy
#
#
# all outbound traffic is accepted by the OUTPUT policy
#
COMMIT
</pre>
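The ruleset above is in iptables-save format, the same format iptables-restore reads. The following linter, an added example that is not part of the original page, parses that format and reports the lockout mistakes that matter when the INPUT policy is DROP: a missing COMMIT, no loopback accept, no SSH accept, no conntrack state rule, and a state rule that omits RELATED. The SAMPLE ruleset is the page's own configuration embedded inline; the function names and the wording of the findings are this example's, not iptables'.

```python
"""Lint an iptables-save style file (such as /etc/sysconfig/iptables)
before loading it, to catch rules that would lock out a remote admin.
Added example; parse_ruleset/lint names are this script's own."""

# The page's base configuration, embedded as sample input (constructed copy).
SAMPLE = """
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
COMMIT
*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""


def parse_ruleset(text):
    """Return {table: {"policies": {chain: policy}, "rules": [...], "committed": bool}}.
    Lines are: '*table', ':CHAIN POLICY [counters]', '-A CHAIN ...', 'COMMIT', '# comment'."""
    tables = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            current = line[1:]
            tables[current] = {"policies": {}, "rules": [], "committed": False}
            continue
        if current is None:
            raise ValueError("rule outside of a *table block: %r" % line)
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]   # policy is '-' for user chains
            tables[current]["policies"][chain] = policy
        elif line == "COMMIT":
            tables[current]["committed"] = True
        elif line.startswith("-A "):
            tables[current]["rules"].append(line)
        else:
            raise ValueError("unrecognised line: %r" % line)
    return tables


def lint(tables):
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []
    for name, table in tables.items():
        if not table["committed"]:
            findings.append("%s: table block has no COMMIT" % name)
    flt = tables.get("filter")
    if flt is None:
        return findings
    rules = flt["rules"]
    inputs = [r for r in rules if r.startswith("-A INPUT ")]
    if flt["policies"].get("INPUT") == "DROP":
        if not any("-i lo" in r and "-j ACCEPT" in r for r in inputs):
            findings.append("filter/INPUT: policy DROP but no loopback ACCEPT")
        if not any("--dport 22" in r and "-j ACCEPT" in r for r in inputs):
            findings.append("filter/INPUT: policy DROP but no SSH ACCEPT (remote lockout)")
        states = [r for r in inputs if "--state" in r or "--ctstate" in r]
        if not states:
            findings.append("filter/INPUT: no conntrack state rule; replies to outbound connections will be dropped")
        elif not any("RELATED" in r for r in states):
            findings.append("filter/INPUT: state rule lacks RELATED; ICMP errors for own connections are dropped")
    if any("-m state" in r for r in rules):
        findings.append("filter: uses legacy '-m state'; prefer '-m conntrack --ctstate'")
    return findings


def lint_text(text):
    """Convenience wrapper: parse then lint a whole file's contents."""
    return lint(parse_ruleset(text))


if __name__ == "__main__":
    for finding in lint_text(SAMPLE):
        print(finding)
```

Running it on the page's ruleset reports exactly two findings, the missing RELATED state and the legacy -m state match; dropping the SSH line from the sample adds the remote-lockout finding. Run it against a candidate file with lint_text(open(path).read()) before iptables-restore.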