Internal

• iptables Command Line Tool

Base Configuration

Use the content below and overwrite the existing /etc/sysconfig/iptables.

*mangle
:PREROUTING ACCEPT 
:INPUT ACCEPT 
:FORWARD ACCEPT 
:OUTPUT ACCEPT 
:POSTROUTING ACCEPT 
COMMIT

*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT 
:OUTPUT ACCEPT 
COMMIT

*filter

# the default INPUT chain policy is to DROP unless there's a rule that explicitly accepts the packet
:INPUT DROP 

# the default FORWARD chain policy is to DROP unless there's a rule that explicitly accepts the packet
:FORWARD DROP 

# the default OUTPUT chain policy is to ACCEPT unless there's a rule that explicitly rejects or drops the packet
:OUTPUT ACCEPT 


# anything that comes from us through the loopback interface is accepted
-A INPUT -i lo -j ACCEPT

# established connections initiated by us are accepted
-A INPUT -m state --state ESTABLISHED -j ACCEPT

# by default, we allow SSH on port 22 all interfaces - we may want to change that and be more selective
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

#
# everything else coming from outside will be dropped
#

#
# all outbound traffic is accepted
#
COMMIT