Basic iptables configuration for Linux

What is a good basic iptables config?

Basic rules needed:

  • Allow incoming TCP to 22 for SSH but blocks all others.
  • Allow outgoing TCP/UDP connections.
asked Dec 29, 2014 by anonymous

1 Answer

You may consider using the following rules as a start:

for tables in iptables ip6tables ; do
    # Flush existing rules
    $tables -F

    # Default policy
    $tables -P INPUT DROP
    $tables -P FORWARD ACCEPT
    $tables -P OUTPUT ACCEPT

    # Allow established inbound connections
    $tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # Allow icmp
    $tables -A INPUT -p icmp -j ACCEPT

    # Allow all loopback traffic
    $tables -A INPUT -i lo -j ACCEPT

    # Allow inbound SSH connection
    $tables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
answered Dec 30, 2014 by Eric Z Ma (44,280 points)

Please log in or register to answer this question.

Copyright © SysTutorials. User contributions licensed under cc-wiki with attribution required.
Hosted on Dreamhost