Basic Iptables Firewall

Home » Computer Articles » Linux » Basic Iptables Firewall
May 23, 2008 Linux No Comments 
To create basic iptables firewall in a Redhat compatible distro, edit the /etc/sysconfig/iptables
file and add the info below:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.50 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p icmp -s 0/0 --icmp-type echo-request -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 4567 -m state --state NEW,ESTABLISHED -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 4445 -m state --state NEW,ESTABLISHED -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -s 0.0.0.0/0 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.20 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.21 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.22 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.23 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.24 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.25 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.40 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.2 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -j ACCEPT
COMMIT
Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.