Last active
September 30, 2018 06:16
Gist npotier/0c037e42ae655a8564c2
Basic iptables rules opening ports for a web server
#!/bin/sh
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts the iptables rules
# Description: Loads the iptables firewall configuration
### END INIT INFO
# Reset the rules (flush all chains, then delete user-defined chains)
iptables -t filter -F
iptables -t filter -X
# Block all traffic by default; everything below is an explicit exception
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP
# Allow already-established connections and localhost
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
# ICMP (ping)
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT
# SSH (inbound to this host, and outbound to other hosts)
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT
# ACSEO Git
iptables -t filter -A INPUT -p tcp --dport 10022 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 10022 -j ACCEPT
# DNS
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
# HTTP / HTTPS
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
#iptables -t filter -A OUTPUT -p tcp --dport 8443 -j ACCEPT
#iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
# Mail SMTP
iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT
# Mail POP3
iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
# Mail IMAP
iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
# NTP (server clock)
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
# Rate-limited forwarding: the FORWARD policy set above stays DROP, so
# anything over one packet per second per rule is dropped
iptables -A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p udp -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
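A script like the one above grows over time, and the practical risk is that a port opened for a one-off reason (POP3, a custom Git port) stays exposed after the service is gone. The helper below is an added example, not part of the gist: it reads a rule script, lists every protocol/port that an uncommented `INPUT ... -j ACCEPT` rule opens, and compares that list against an allowlist of services the host is supposed to offer. The rule excerpt embedded in `RULES` is constructed for the example in the style of the gist (it deliberately includes a commented-out 8443 rule and a POP3 rule); reading the live script from `/etc/init.d/firewall` instead is an assumption about where the gist would be installed.

```sh
#!/bin/sh
# Added audit helper (not part of the gist): which inbound ports does a
# rule script expose, and are they all expected?

# Constructed excerpt in the style of the gist above. In practice you
# would load it with: RULES=$(cat /etc/init.d/firewall)  (path assumed).
RULES='iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
#iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT'

# Print "proto/port" for every uncommented INPUT ACCEPT rule that carries
# --dport, one per line, sorted and de-duplicated. Commented-out rules
# (such as the 8443 lines) are skipped, so only live exposure is listed.
exposed_input_ports() {
    printf '%s\n' "$1" |
    grep -v '^[[:space:]]*#' |
    awk '/-A INPUT/ && /-j ACCEPT/ && /--dport/ {
        proto = ""; port = "";
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1);
            if ($i == "--dport") port = $(i + 1);
        }
        if (proto != "" && port != "") print proto "/" port;
    }' | sort -u
}

# Return 0 if every exposed port is in the allowlist, 1 otherwise, naming
# each unexpected entry. The allowlist is a space-separated "proto/port" list.
check_allowlist() {
    rules="$1"; allow="$2"; bad=0
    for entry in $(exposed_input_ports "$rules"); do
        case " $allow " in
            *" $entry "*) ;;
            *) echo "unexpected inbound port: $entry"; bad=1 ;;
        esac
    done
    return $bad
}

# Example run: a web server is expected to offer only SSH, DNS, HTTP and
# HTTPS; the constructed rules also open POP3 (tcp/110), which is reported.
if check_allowlist "$RULES" "tcp/22 udp/53 tcp/80 tcp/443"; then
    echo "audit ok"
else
    echo "audit failed"
fi
```

The check is static, so it catches drift in the script before it is loaded; pair it with `iptables -S INPUT` on the running host if you also want to confirm that the loaded rules match the file.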