saissemet · December 14, 2020 13:16
diff --git a/Iptables Configuration b/Iptables Configuration
 //Topology:             
                 172.31.0.11/24 (With Assossiated Elastic IP)
                  __________
                 |          |
                 |          |
                 |  CLIENT  |
                 |          |
                 |__________|
                 
                 172.31.1.11/24
                      |
                 172.31.1.10/24
                  __________
                 |          |
                 |          |       HTTP:80
                 | FIREWALL |       HTTPS:443
                 |          |       SSH:22
                 |__________|
                 
                172.31.2.10/24
                      |
                172.31.2.11/24
                  __________
                 |          |
                 |          |       HTTP:80
                 |  SERVER  |       HTTPS:443
                 |          |       SSH:22
                 |__________|
                 
 //Iptables Configuration in FIREWALL:
 iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
 iptables -A INPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
 iptables -A FORWARD -p tcp -m tcp --sport 22 -j ACCEPT
 iptables -A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
 iptables -A INPUT -p icmp -j ACCEPT
 iptables -A FORWARD -p icmp -j ACCEPT
 iptables -A OUTPUT -p icmp -j ACCEPT
 iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
 iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
 iptables -A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
 iptables -A FORWARD -p tcp -m tcp --sport 443 -j ACCEPT
 iptables -A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
 iptables -A INPUT -d 172.31.0.0/16 -p tcp -m tcp --sport 80 -j ACCEPT
 iptables -A INPUT -s 172.31.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
 iptables -A OUTPUT -s 172.31.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
 iptables -A OUTPUT -d 172.31.0.0/16 -p tcp -m tcp --sport 80 -j ACCEPT
 iptables -A FORWARD -d 172.31.0.0/16 -p tcp -m tcp --sport 80 -j ACCEPT
 iptables -A FORWARD -s 172.31.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
 iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable
 iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
 iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
	//Topology:
	172.31.0.11/24 (With Assossiated Elastic IP)
	__________
	\| \|
	\| \|
	\| CLIENT \|
	\| \|
	\|__________\|

	172.31.1.11/24
	\|
	172.31.1.10/24
	__________
	\| \|
	\| \| HTTP:80
	\| FIREWALL \| HTTPS:443
	\| \| SSH:22
	\|__________\|

	172.31.2.10/24
	\|
	172.31.2.11/24
	__________
	\| \|
	\| \| HTTP:80
	\| SERVER \| HTTPS:443
	\| \| SSH:22
	\|__________\|

	//Iptables Configuration in FIREWALL:
	iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
	iptables -A INPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
	iptables -A OUTPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
	iptables -A OUTPUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
	iptables -A FORWARD -p tcp -m tcp --sport 22 -j ACCEPT
	iptables -A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
	iptables -A INPUT -p icmp -j ACCEPT
	iptables -A FORWARD -p icmp -j ACCEPT
	iptables -A OUTPUT -p icmp -j ACCEPT
	iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
	iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
	iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
	iptables -A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
	iptables -A FORWARD -p tcp -m tcp --sport 443 -j ACCEPT
	iptables -A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
	iptables -A INPUT -d 172.31.0.0/16 -p tcp -m tcp --sport 80 -j ACCEPT
	iptables -A INPUT -s 172.31.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
	iptables -A OUTPUT -s 172.31.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
	iptables -A OUTPUT -d 172.31.0.0/16 -p tcp -m tcp --sport 80 -j ACCEPT
	iptables -A FORWARD -d 172.31.0.0/16 -p tcp -m tcp --sport 80 -j ACCEPT
	iptables -A FORWARD -s 172.31.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
	iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable
	iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
	iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable