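#!/bin/sh
#
# Minimal IPv4 host firewall: drop all inbound traffic except loopback,
# SSH on the management interface, and replies to connections this host
# opened itself. Outbound traffic is unrestricted.
#
# Usage: run as root. Tunables (environment):
#   IFACE    - interface that carries SSH (default: eth0)
#   SSH_PORT - TCP port sshd listens on   (default: 22)
#
# NOTE: this configures iptables (IPv4) only. ip6tables keeps whatever
# policy it already has, so inbound IPv6 traffic is NOT filtered here.

set -eu

IPT=/sbin/iptables
IFACE=${IFACE:-eth0}
SSH_PORT=${SSH_PORT:-22}

# Fail early with a clear message rather than half-applying the ruleset.
[ -x "$IPT" ] || { printf '%s: %s not found or not executable\n' "$0" "$IPT" >&2; exit 1; }
[ "$(id -u)" -eq 0 ] || { printf '%s: must run as root\n' "$0" >&2; exit 1; }

# Open the policies BEFORE flushing: if a previous run left INPUT at DROP,
# flushing first would cut off the SSH session this is run from until the
# allow rules are re-added below. Tightening is the last step for the same reason.
"$IPT" -P INPUT ACCEPT
"$IPT" -P FORWARD ACCEPT
"$IPT" -P OUTPUT ACCEPT

# Delete all existing rules and user-defined chains
"$IPT" -F
"$IPT" -X

# Allow unlimited traffic on loopback
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT

# Allow replies to connections this host opened. Placed first so the common
# case matches without walking the rest of the chain. `conntrack --ctstate`
# is the current form of the deprecated `state --state` match.
"$IPT" -A INPUT -i "$IFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow incoming SSH (NEW only; packets of established sessions hit the rule above)
"$IPT" -A INPUT -i "$IFACE" -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
# OUTPUT policy is ACCEPT, so this rule only matters if that policy is ever tightened.
"$IPT" -A OUTPUT -o "$IFACE" -p tcp --sport "$SSH_PORT" -m conntrack --ctstate ESTABLISHED -j ACCEPT

# Set default chain policies: anything not explicitly allowed above is dropped.
"$IPT" -P INPUT DROP
"$IPT" -P FORWARD DROP
"$IPT" -P OUTPUT ACCEPT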