[colug-432] iptables

Steve VanSlyck s.vanslyck at postpro.net
Wed May 13 21:12:55 EDT 2015


How odd.

Let's try it without me formatting the font. Is this better?

read -p "Flush rules?"
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
 
read -p "Accept connections to the loopback interface (localhost)?"
iptables -A INPUT -i lo -j ACCEPT
 
read -p "Accept connections from the loopback interface (localhost)?"
iptables -A OUTPUT -o lo -j ACCEPT
 
read -p "Allow outgoing connections?"
iptables -A OUTPUT -j ACCEPT
 
read -p "Drop all pings?"
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
 
read -p "Accept requested inbound traffic?"
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
read -p "Accept new and established ssh from specified IP?"
iptables -A INPUT -p tcp -s 107.132.57.128 --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
 
read -p "Allow established ssh to specified IP?"
iptables -A OUTPUT -p tcp -d 107.132.57.128 --sport 22 -m state --state ESTABLISHED -j ACCEPT
 
read -p "Drop all other ssh attempts?"
iptables -A INPUT -p tcp --dport ssh -j DROP
 
read -p "Allow outbound http traffic?"
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
 
read -p "Allow outbound https traffic?"
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
 
read -p "Allow inbound http traffic?"
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 
read -p "Allow inbound https traffic?"
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 
read -p "Set policy: Drop forwarding connections?"
iptables -P FORWARD DROP
 
read -p "Set policy: Drop other incoming connections?"
iptables -P INPUT DROP
 
read -p "Set policy: Drop outgoing connections?"
iptables -P OUTPUT DROP


On Wed, May 13, 2015, at 21:10, jep200404 at columbus.rr.com wrote:
> On Wed, 13 May 2015 21:00:50 -0400, Steve VanSlyck
> <s.vanslyck at postpro.net> wrote:
> 
> > On Wed, May 13, 2015, at 20:57, jep200404 at columbus.rr.com wrote:
> > > On Wed, 13 May 2015 20:43:52 -0400, Steve VanSlyck
> > > <s.vanslyck at postpro.net> wrote:
> 
> > > > **read -p "Flush rules?"** ***iptables -P INPUT ACCEPT * *iptables -P
> > > > OUTPUT ACCEPT * *iptables –F *
> > > 
> > > What do the asterisks come from? 
> 
> > I don't know, Jim. Not seeing them on my outgoing message.
> 
> They are in the archives and in the mail that I receive.
> 
> http://lists.colug.net/pipermail/colug-432/2015-May/003730.html
> 



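The thread above is about stray characters that appear when a script is pasted through a mail client. A related and more damaging case is a typographic dash (U+2013 or U+2014) in place of an ASCII hyphen: iptables does not recognise `–F` as an option and exits with an error, and because the script does not stop on errors, the flush never happens and every later `-A` appends on top of whatever rules were already loaded. The following POSIX shell pre-flight check is an added example, not code from the post or from the list; the function names `lint_script` and `normalize_typography` and the sample file it builds are assumptions of the example. It flags every byte outside printable ASCII (which also catches the carriage returns of a CRLF file), and rewrites the common typographic substitutions back to their ASCII forms. The bold markers seen in the archive are plain `*` characters, so a byte scan cannot flag them; those still have to be caught by eye.

```shell
#!/bin/sh
# Added example (not from the original post): check a pasted firewall script
# for characters that a rich-text mail client may have substituted before
# running it. A rejected "iptables -F" leaves the old rules in the chain and
# every later "-A" appends after them.

TAB=$(printf '\t')
# UTF-8 byte patterns built with printf so the script stays POSIX sh.
DASHES=$(printf '\342\200[\223\224]')    # U+2013 en dash, U+2014 em dash
DQUOTES=$(printf '\342\200[\234\235]')   # U+201C / U+201D curly double quotes
SQUOTES=$(printf '\342\200[\230\231]')   # U+2018 / U+2019 curly single quotes

# lint_script FILE: print "line:text" for each line holding a byte outside
# printable ASCII (tab allowed). Returns 1 when anything was found, else 0.
lint_script() {
    if LC_ALL=C grep -n "[^${TAB} -~]" "$1"; then
        return 1
    fi
    return 0
}

# normalize_typography FILE: copy FILE to stdout with dashes and curly quotes
# replaced by their ASCII forms. Other non-ASCII bytes are left untouched, so
# run lint_script again on the result before trusting it.
normalize_typography() {
    LC_ALL=C sed -e "s/$DASHES/-/g" -e "s/$DQUOTES/\"/g" -e "s/$SQUOTES/'/g" "$1"
}

# Constructed sample (assumption of the example): line 2 carries an en dash
# where "-F" should be, line 3 carries curly quotes around the prompt.
SAMPLE=$(mktemp)
printf 'iptables -P INPUT ACCEPT\niptables \342\200\223F\nread -p \342\200\234Flush rules?\342\200\235\n' > "$SAMPLE"

# Constructed clean file for comparison.
CLEAN=$(mktemp)
printf 'iptables -F\n' > "$CLEAN"
trap 'rm -f "$SAMPLE" "$CLEAN"' EXIT

# Usage: refuse to run a script that fails the lint; show the normalized copy.
if lint_script "$SAMPLE"; then
    echo "script is clean"
else
    echo "non-ASCII bytes found on the lines above; normalized copy:"
    normalize_typography "$SAMPLE"
fi
```

Run the check on the real script file instead of `$SAMPLE`, and only execute the script once `lint_script` returns 0; the normalized copy is a suggestion to review, not something to apply blindly, since a curly quote inside a prompt string is harmless while one around an argument is not.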