D0cEvil

iptables - Config example

Dec 6th, 2022
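  #!/bin/bash
  #
  # Baseline IPv4 packet filter: default-deny on INPUT, OUTPUT and FORWARD,
  # allowing only loopback, replies to tracked connections and inbound SSH.
  # Everything else is logged (rate-limited) and dropped.
  #
  # Scope notes for whoever deploys this:
  #   - Only the IPv4 tables are programmed. ip6tables keeps a separate
  #     ruleset that this script does not touch, so a dual-stack host needs
  #     an equivalent IPv6 policy or its services stay reachable over IPv6.
  #   - OUTPUT is default-deny as well: while the "all outgoing" rule below
  #     stays commented out, the host cannot open new connections
  #     (DNS, NTP, package updates).
  #   - The DROP policies are applied before the ACCEPT rules are loaded, so
  #     a remote session only survives if the script runs to completion.
  #     Prefer a console, or arrange a rollback, when running it over SSH.

  ###### SETUP ######

  # VARS #

  fw="iptables"

  # Source range allowed to open SSH sessions. The default keeps the original
  # "from anywhere" behaviour; narrow it to a management network if possible.
  ssh_src="0.0.0.0/0"

  # Ceiling for LOG rules. Without a limit, any remote sender of dropped
  # packets decides how fast the log grows.
  log_limit="10/min"
  log_burst="20"

  # Set to 1 as soon as one firewall command fails.
  failed=0

  # Run one firewall command. A failure is reported and remembered instead of
  # aborting, so the remaining rules are still applied, but the partial
  # ruleset is not persisted at the end.
  rule() {
    if ! "$fw" "$@"; then
      printf 'error: %s %s failed\n' "$fw" "$*" >&2
      failed=1
    fi
  }

  # Changing netfilter rules needs root; stop before touching anything.
  if [[ "$(id -u)" -ne 0 ]]; then
    printf 'error: this script must run as root\n' >&2
    exit 1
  fi

  # Cleaning #

  # Flush rules (-F) and delete user-defined chains (-X) in the filter, nat
  # and mangle tables. Other tables are left as they are.
  rule -F
  rule -X
  rule -t nat -F
  rule -t nat -X
  rule -t mangle -F
  rule -t mangle -X

  # Default Policy #

  rule -P INPUT DROP
  rule -P FORWARD DROP
  rule -P OUTPUT DROP

  # Loopback interface #

  rule -A INPUT -i lo -j ACCEPT
  rule -A OUTPUT -o lo -j ACCEPT

  ###### CONFIG ######

  # Sessions #

  # conntrack/--ctstate is the current spelling of the deprecated
  # "-m state --state" match and selects the same packets.
  rule -A INPUT -p all -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  rule -A OUTPUT -p all -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # SERVICES #

  # All outgoing connections #

  #rule -A OUTPUT -p all -j ACCEPT

  # SSH #

  # Only connection-opening packets need this rule; follow-up traffic is
  # covered by the ESTABLISHED rule above, and packets conntrack marks
  # INVALID fall through to the logging chain instead of being accepted.
  rule -A INPUT -p tcp --dport 22 -s "$ssh_src" \
    -m conntrack --ctstate NEW -j ACCEPT

  ####### LOG #######

  # All undefined packets to new chain "undef_" #

  rule -N undef_in
  rule -N undef_out
  rule -N undef_fw
  rule -A INPUT -j undef_in
  rule -A OUTPUT -j undef_out
  rule -A FORWARD -j undef_fw

  # Log all packets in chains undef_ #

  # Level 7 is "debug". NOTE(review): some default syslog configurations
  # discard kernel debug messages; confirm these lines reach a file.
  # The DROP rule carries no limit, so packets beyond the logging rate are
  # still dropped, just not logged.
  rule -A undef_in -m limit --limit "$log_limit" --limit-burst "$log_burst" \
    -j LOG --log-level 7 --log-prefix "Iptables: drop input: "
  rule -A undef_in -j DROP
  rule -A undef_out -m limit --limit "$log_limit" --limit-burst "$log_burst" \
    -j LOG --log-level 7 --log-prefix "Iptables: drop output: "
  rule -A undef_out -j DROP
  rule -A undef_fw -m limit --limit "$log_limit" --limit-burst "$log_burst" \
    -j LOG --log-level 7 --log-prefix "Iptables: drop forward: "
  rule -A undef_fw -j DROP

  ###### Save all rules ######

  # Never persist a ruleset that only loaded in part: the running state stays
  # as applied, but the saved configuration is left untouched.
  if (( failed )); then
    printf 'error: some rules failed to load; ruleset not saved\n' >&2
    exit 1
  fi

  # NOTE(review): "service iptables save" presumably targets a RHEL-style
  # init script; other distributions persist rules differently (for example
  # with iptables-save).
  /sbin/service iptables save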