Here is an iptables script to set up a solid firewall on a CentOS web server. Remember to replace the IP address in the SSH rule (line 26) with your own IP address, or you will lock yourself out of your own server!
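[bash]
#!/bin/bash
# Set up a basic host firewall on a CentOS web server with iptables.
#
# Usage (as root):  ./firewall.sh
#   SSH_CLIENT_IP  the address allowed to reach port 22 (default below);
#                  set it to your own address or you will lock yourself out.
#
# The ruleset in force before this script runs is backed up to
# /etc/sysconfig/iptables-previous so it can be restored if needed.
set -euo pipefail

# iptables itself needs root, so the whole script must run as root; that
# also makes a trailing 'sudo tee' for the save step unnecessary.
if [[ $EUID -ne 0 ]]; then
  printf 'this script must be run as root\n' >&2
  exit 1
fi

SSH_CLIENT_IP=${SSH_CLIENT_IP:-123.45.67.89}
readonly SSH_CLIENT_IP

# Backup current iptables rules
iptables-save > /etc/sysconfig/iptables-previous

# Open the INPUT policy before flushing: on a re-run the policy is already
# DROP, and flushing alone would remove the ESTABLISHED rule that keeps the
# current SSH session alive until it is re-added below.
iptables -P INPUT ACCEPT
# Flush tables
iptables -F

# Block null packets (no TCP flags set)
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Drop new TCP connections that do not start with SYN
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Reject XMAS packets (all TCP flags set)
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# Allow specific traffic
iptables -A INPUT -i lo -j ACCEPT
# HTTP and HTTPS traffic
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# SSH from the specified client only
iptables -A INPUT -p tcp -s "$SSH_CLIENT_IP" -m tcp --dport 22 -j ACCEPT
# Allow related connections (-I puts this rule first, so replies to
# connections we opened are accepted before any other rule is checked)
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections
iptables -P OUTPUT ACCEPT
# Block all other connections
iptables -P INPUT DROP

# Save the ruleset where the CentOS iptables service reads it at boot
# (written directly: we are already root, so no sudo/tee is needed)
iptables-save > /etc/sysconfig/iptables
[/bash]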