Home g33k IPTables Template

IPTables Template

g33k cooperlees · 2011-04-09 · 0 Comment

So I thought I would share a good IPTables starting template, all tested on Ubuntu 10.10.

[plain]

# Cooper Lees IPTables Rules
# Last Updated 20110409

# Drop by default
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
#ICMP is Good
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Only allow 4 new SSH connection per minute from a certain IP address
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --second 60 --hitcount 4 -j DROP
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Handy if you have a IPv4 to IPv6 Tunnel ...
iptables -A INPUT -p 41 -s ${IPv4-Tunnel-Address} -j ACCEPT
# Handy for debuging what is getting blocked ...
iptables -A INPUT -j LOG --log-level debug --log-prefix "iptables INPUT: "
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

[/plain]
- Load from CLI then use iptables-save > /etc/iptables.up.rules
- In Ubuntu add to /etc/network/interfaces "pre-up iptables-restore < /etc/iptables.up.rules" on to the loopback interface

cooperlees

I-R-Coops Blog

IPTables Template

Leave a Reply Cancel reply

Related Posts

Book REVIEW: Linux Service Management Made Easy with systemd: Advanced techniques to effectively manage, control, and monitor Linux systems and services 1st Edition

CLI Templates for Python + Rust

Stop IPv4 Point-To-Point Addressing your Networks

NAT64: Using `jool` on Ubuntu 20.04

Raspberry Pi Powered Fireplace

nftables

Leave a Reply Cancel reply