Web Server iptables Script

Here is an iptables script to set up a solid firewall on a CentOS web server. Remember to change the ip address on line 26 with your IP address, or you will lock yourself out of your own server!

#!/bin/bash

# Backup current iptables rules
iptables-save > /etc/sysconfig/iptables-previous

# Flush tables
iptables -F

# Block null packets
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

# Reject syn-flood attacks
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Reject XMAS packets
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# Allow specific traffic
iptables -A INPUT -i lo -j ACCEPT

# HTTP and HTTPS traffic
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

# SSH from specified clients
iptables -A INPUT -p tcp -s 123.45.67.89 -m tcp --dport 22 -j ACCEPT

# Allow related connections
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections
iptables -P OUTPUT ACCEPT

# Block all other connections
iptables -P INPUT DROP

# Save iptables and restart service
iptables-save | sudo tee /etc/sysconfig/iptables

Leave a Reply Cancel reply

%d bloggers like this: