add simple default iptables
This commit is contained in:
parent
c791133923
commit
c25ebc632c
1 changed files with 15 additions and 0 deletions
15
files/iptables/iptables
Normal file
15
files/iptables/iptables
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
# Simple static firewall loaded by iptables.service. Replace
|
||||
# this with your own custom rules, run lokkit, or switch to
|
||||
# shorewall or firewalld as your needs dictate.
|
||||
*filter
|
||||
:INPUT ACCEPT [0:0]
|
||||
:FORWARD ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||||
-A INPUT -p icmp -j ACCEPT
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
|
||||
-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
|
||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
||||
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
|
||||
COMMIT
|
||||
Loading…
Add table
Add a link
Reference in a new issue