
Bash

Default LAMP iptables rules

# Rebuilds the IPv4 filter table for a host running web, database, file-sharing
# and game services: default-deny on INPUT (via a final DROP rule), no
# forwarding, unrestricted egress.
# None of the ACCEPT rules below carries a source match (-s), so every listed
# port is reachable from any address.
# NOTE(review): only iptables is invoked; IPv6 is filtered separately by
# ip6tables and is not configured here -- confirm it is handled elsewhere.
# NOTE(review): no command's exit status is checked, so a failed rule does not
# stop the run and the incomplete ruleset would still be saved below.

# Set the INPUT policy to ACCEPT before flushing, so that removing the old
# rules cannot leave a remote session behind a DROP policy with no ACCEPT rules.
iptables -P INPUT ACCEPT
# Flush every rule in the filter table's chains; other tables (nat, mangle)
# are left as they are.
iptables -F
# This host does not route traffic for others.
iptables -P FORWARD DROP
# Egress is not filtered at all.
iptables -P OUTPUT ACCEPT
# Drop packets that connection tracking cannot associate with a valid state.
# The "state" match is the older spelling; current iptables documents
# "-m conntrack --ctstate" for the same test.
iptables -A INPUT -m state --state INVALID -j DROP
# Replies to, and traffic related to, connections that are already tracked.
# Placed early so established flows are accepted before the per-port rules.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Loopback traffic.
iptables -A INPUT -i lo -j ACCEPT
# Accepts every ICMP type (no --icmp-type restriction), not only echo requests.
iptables -A INPUT -p icmp -j ACCEPT
# Remote administration and web.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # SSH
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # HTTP
iptables -A INPUT -p tcp --dport 443 -j ACCEPT # HTTPS
# NOTE(review): the database port is accepted from any source. If MySQL is only
# used by applications on this host or by known hosts, this rule is wider than
# needed -- confirm and consider a source restriction (-s) or removing it.
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT # MySQL
# NOTE(review): a proxy and the Transmission remote-control port are exposed to
# any source; verify that both services enforce authentication themselves.
iptables -A INPUT -p tcp --dport 8888 -j ACCEPT # Proxy
iptables -A INPUT -p tcp --dport 9091 -j ACCEPT # Transmission remote
iptables -A INPUT -p tcp --dport 51413 -j ACCEPT # Transmission data
iptables -A INPUT -p udp --dport 51413 -j ACCEPT # Transmission data
# Game servers and their auxiliary ports.
iptables -A INPUT -p tcp --dport 8192 -j ACCEPT # Minecraft votifier
iptables -A INPUT -p tcp --dport 25565 -j ACCEPT # Minecraft server
iptables -A INPUT -p tcp --dport 25535 -j ACCEPT # Muezli test server
iptables -A INPUT -p tcp --dport 25525 -j ACCEPT # Muezli tekkit server
iptables -A INPUT -p tcp --dport 25585 -j ACCEPT # Minecraft query
iptables -A INPUT -p tcp --dport 25567 -j ACCEPT # Minecraft livemap
# Port range 27000-27015 inclusive, on both UDP and TCP.
iptables -A INPUT -m udp -p udp --dport 27000:27015 -j ACCEPT # TF2 server
iptables -A INPUT -m tcp -p tcp --dport 27000:27015 -j ACCEPT # TF2 server
# NOTE(review): NetBIOS/SMB file sharing is accepted from any source address,
# not just a local network range -- confirm this exposure is intended.
iptables -A INPUT -p udp -m udp --dport 137 -j ACCEPT # SMB
iptables -A INPUT -p udp -m udp --dport 138 -j ACCEPT # SMB
iptables -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT # SMB
iptables -A INPUT -p tcp -m tcp --dport 445 -j ACCEPT # SMB
# Default-deny is implemented as this last rule, because the chain policy was
# set to ACCEPT above. Anything appended later with -A lands after this DROP
# and never matches; later additions have to be inserted (-I) ahead of it.
iptables -A INPUT -j DROP
# Persist the running ruleset and reload it through the init script.
# NOTE(review): presumably a RHEL/CentOS-style "iptables" service -- confirm
# that the target system provides it.
service iptables save
service iptables restart
# Print the resulting rules with packet/byte counters for a visual check.
iptables -L -v
iptables, lamp