[Gllug] Simple iptables config
Paul Cupis
paul at cupis.co.uk
Fri Feb 10 19:23:09 UTC 2006
Richard Jones wrote:
> Does anyone have a very simple iptables config for a standalone host
> they could share with me?
>
> All I really want to do is to allow connections to port 22/tcp, and
> deny anything else. (However I'd like not to break ICMP in the
> process).
>
> The scripts I've found on the web seem to be very long and
> complicated, because they deal with internal networks and DMZs and the
> like, none of which I have.
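Try this:

# Flush any existing rules in the filter table
iptables -F
# Default policies: drop inbound and forwarded traffic, allow outbound
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Accept everything on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Accept packets that belong to, or are related to, existing connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept new SSH connections from the 192.168.0.0/24 network only
iptables -A INPUT -p tcp --dport 22 -s 192.168.0.0/24 -j ACCEPT
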
Note the source network restriction in the last line - remove or tweak
to suit.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
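
Added example, not part of the original post: the same rule set emitted in iptables-restore format, so the policies and rules are committed in one step rather than command by command over a live SSH session. The function names, the --apply switch and the optional echo-request rule are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post).

# valid_cidr NET: accept only the shape a.b.c.d/prefix, so nothing else can
# be spliced into the generated ruleset. Octet ranges are left for
# iptables-restore --test to reject.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# gen_ruleset SSH_SOURCE [ping]: print the ruleset on stdout.
gen_ruleset() {
    src=$1
    valid_cidr "$src" || { echo "bad source network: $src" >&2; return 1; }
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # Assumption: optional rule so the host answers ping. The posted rules
    # only pass ICMP that matches ESTABLISHED,RELATED.
    if [ "${2:-}" = ping ]; then
        echo "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    fi
    echo "-A INPUT -p tcp --dport 22 -s $src -j ACCEPT"
    echo "COMMIT"
}

# As root: sh firewall.sh --apply 192.168.0.0/24 [ping]
# Without --noflush, iptables-restore replaces the filter table's current
# contents, which covers the 'iptables -F' step.
if [ "${1:-}" = "--apply" ]; then
    rules=$(gen_ruleset "${2:-}" "${3:-}") || exit 1
    # --test parses the ruleset without committing it
    printf '%s\n' "$rules" | iptables-restore --test &&
        printf '%s\n' "$rules" | iptables-restore
fi
```

Run without arguments the script changes nothing; gen_ruleset can be piped to a file and inspected before it is applied.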