Iptables Command Line Tool Examples: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 52: | Line 52: | ||
</pre> | </pre> | ||
=Allow SSH Only From the Internal Network on a Non-Standard Port= | |||
Revision as of 00:07, 6 January 2016
Internal
Base Configuration
Use the content below and overwrite the existing /etc/sysconfig/iptables.
*mangle :PREROUTING ACCEPT :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT :POSTROUTING ACCEPT COMMIT *nat :PREROUTING ACCEPT :POSTROUTING ACCEPT :OUTPUT ACCEPT COMMIT *filter # the default INPUT chain policy is to DROP unless there's a rule that explicitly accepts the packet :INPUT DROP # the default FORWARD chain policy is to DROP unless there's a rule that explicitly accepts the packet :FORWARD DROP # the default OUTPUT chain policy is to ACCEPT unless there's a rule that explicitly rejects or drops the packet :OUTPUT ACCEPT # anything that comes from us through the loopback interface is accepted -A INPUT -i lo -j ACCEPT # established connections initiated by us are accepted -A INPUT -m state --state ESTABLISHED -j ACCEPT # by default, we allow new SSH connections on port 22 all interfaces - we may want to change that and be more selective -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT # # everything else coming from outside will be dropped # # # all outbound traffic is accepted # COMMIT