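#!/bin/sh
# Host firewall (IPv4 only): stateful INPUT filter, unrestricted OUTPUT.
#
# Apply from a console, or with a scheduled rollback when working over SSH
# (e.g. `echo 'iptables -P INPUT ACCEPT; iptables -F' | at now + 5 minutes`)
# -- a typo below otherwise locks you out of the box.
#
# NOTE(review): this programs the IPv4 tables only. Any daemon listed below
# that also listens on IPv6 (sshd, httpd, mysqld bound to ::) stays unfiltered
# until an equivalent ip6tables policy exists.

# Stop at the first failing command: the chain policy is set to DROP only as
# the very last step, so an aborted run leaves the host open rather than dead.
set -e

# Open the policies before flushing so a re-run over SSH is not cut off in the
# window between the flush and the ESTABLISHED rule (a previous run of this
# script leaves INPUT at DROP).
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# flush all rules and delete any user-defined chains in the filter table
iptables -F
iptables -X

# Loopback: without this, local clients (including MySQL on 127.0.0.1) fell
# through to the final DROP, because the 3306 rule only rejected remote sources.
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections this host initiated (DNS lookups, package mirrors,
# FTP data channels, ...) were dropped before -- no state tracking existed.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

# deny all requests from outside to MySQL
# (`!` must precede the option in current iptables; `-s ! addr` is rejected).
# Loopback is already accepted above, so this rule only ever sees remote traffic.
iptables -A INPUT -p tcp --dport 3306 ! -s 127.0.0.1 -j DROP

# always allow the trusted IPs to SSH
# NOTE(review): the unrestricted port-22 rule further down admits everyone
# anyway; narrow or delete that rule for this one to mean anything.
iptables -A INPUT -p tcp -s 192.168.8.0/24 --dport 22 -j ACCEPT
# drop all requests from the NAT server (disabled; enable and keep it ABOVE the
# general port-22 accept, since the first matching rule wins)
#iptables -A INPUT -p tcp -s 172.16.0.0/16 --dport 22 -j DROP

# accept new connections to the published services (`-s 0/0` was a no-op)
iptables -A INPUT -p tcp --dport 22  -j ACCEPT
iptables -A INPUT -p tcp --dport 80  -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 25  -j ACCEPT
# FTP control channel. FTP has no UDP variant, so the former udp/21 rules did
# nothing. NOTE(review): passive-mode data connections are only admitted by the
# RELATED rule above when the nf_conntrack_ftp helper is loaded.
iptables -A INPUT -p tcp --dport 21  -j ACCEPT
# NOTE(review): only tcp/53 was opened originally; if this host serves DNS to
# clients it also needs udp/53 -- confirm before adding.
iptables -A INPUT -p tcp --dport 53  -j ACCEPT
# NOTE(review): 111 is rpcbind/portmapper. Exposing it to the whole Internet is
# a well-known reconnaissance and amplification vector; restrict it to the
# networks that actually need RPC if at all possible.
iptables -A INPUT -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -p tcp --dport 808 -j ACCEPT

# ping: the original lines lacked `-A INPUT` and were rejected by iptables
# ("no command specified"). echo-reply to our own pings is already covered by
# the ESTABLISHED rule, so only inbound echo-request needs an explicit accept.
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# allow all outgoing access (the per-port OUTPUT rules were redundant with this;
# note they matched by destination port, i.e. this host *connecting out* to
# 22/80/443..., not replies to inbound sessions)
iptables -A OUTPUT -j ACCEPT

# Drop everything else. Done as the chain policy rather than trailing tcp/udp
# DROP rules, so ICMP types other than echo-request and non-TCP/UDP protocols
# (GRE, SCTP, ...) are covered as well. Last step on purpose -- see `set -e`.
iptables -P INPUT DROP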