  1. *filter
  2. #  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
  3. -A INPUT -i lo -j ACCEPT
  4. -A INPUT -d 127.0.0.0/8 -j REJECT
  5.  
  6. #  Accept all established inbound connections
  7. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  8.  
  9. # inbound connections
  10. -A INPUT -p tcp --dport 80 -j ACCEPT
  11. -A INPUT -p tcp --dport 443 -j ACCEPT
  12.  
  13. # outbound connections
  14. -A OUTPUT -p tcp --match multiport --sports 80,443 -j ACCEPT
  15. -A OUTPUT -p tcp --sport 53 -j ACCEPT
  16. -A OUTPUT -p udp --sport 53 -j ACCEPT
  17. -A OUTPUT -p tcp --match state --sport 22 --state ESTABLISHED -j ACCEPT
  18. -A OUTPUT -p tcp --match state --sport 80 --state ESTABLISHED -j ACCEPT
  19. -A OUTPUT -p tcp --match state --sport 443 --state ESTABLISHED -j ACCEPT
  20.  
  21. -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
  22. -A INPUT -p icmp -j ACCEPT
  23. -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
  24.  
  25. -A OUTPUT -j ACCEPT
  26. -A INPUT -j DROP
  27. -A FORWARD -j DROP
  28.  
  29. COMMIT
  30.