Here is an iptables script that sets up a solid firewall on a CentOS web server. Remember to replace the IP address on line 26 with your own IP address, or you will lock yourself out of your server!
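#!/bin/bash
# Host firewall for a CentOS web server: accept loopback, HTTP/HTTPS from
# anywhere and SSH only from one management address; drop all other inbound
# traffic. Outbound traffic is left unrestricted.
#
# Usage (as root):  SSH_ALLOW_FROM=<your-address> ./firewall.sh
# If SSH_ALLOW_FROM is not set, the placeholder default below is used —
# change it to your own address before running, or you will lock yourself
# out of the server.
set -euo pipefail

# Source address (or CIDR) permitted to reach sshd on port 22.
SSH_ALLOW_FROM="${SSH_ALLOW_FROM:-123.45.67.89}"
readonly SSH_ALLOW_FROM
# Where the CentOS iptables service looks for the persisted ruleset.
readonly RULES_FILE=/etc/sysconfig/iptables
# Copy of the ruleset that was live before this run, used for rollback.
readonly BACKUP_FILE=/etc/sysconfig/iptables-previous

# Every iptables call below needs root; the original script only used sudo
# for the final write, so an unprivileged run would already have failed on
# the first rule. Fail early and clearly instead.
if [[ "$EUID" -ne 0 ]]; then
  printf 'error: %s must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Backup current iptables rules
iptables-save > "$BACKUP_FILE"

# If any rule fails to apply (typo, unparseable address, missing match
# module), restore the saved ruleset rather than carrying on to the
# "-P INPUT DROP" below with an incomplete allow-list — that is how the
# SSH lockout happens.
trap 'printf "error: applying rules failed, restoring %s\n" "$BACKUP_FILE" >&2; iptables-restore < "$BACKUP_FILE"' ERR

# Open the INPUT policy *before* flushing: on a re-run the policy is already
# DROP, and flushing would discard in-flight packets (including this SSH
# session) until the ESTABLISHED rule is re-added.
iptables -P INPUT ACCEPT
# Flush every chain of the filter table (the only table this script manages)
iptables -F

# Allow packets belonging to connections that are already established.
# Appended first so it sits at the top of the chain and is matched before
# anything else (the original achieved the same position with -I).
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Block null packets (no TCP flags set)
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Drop new TCP connections that do not begin with SYN (malformed or
# stealth-scan packets). This is not SYN-flood protection; SYN floods are
# handled by the kernel's SYN cookies (net.ipv4.tcp_syncookies), not here.
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Reject XMAS packets (all TCP flags set)
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# HTTP and HTTPS traffic
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# SSH only from the management address
iptables -A INPUT -p tcp -s "$SSH_ALLOW_FROM" -m tcp --dport 22 -j ACCEPT

# Allow outgoing connections
iptables -P OUTPUT ACCEPT
# Block all other inbound connections. NOTE: this also discards ICMP, so
# ping and path-MTU-discovery messages will not reach the host; add an ICMP
# rule above if your deployment needs them.
iptables -P INPUT DROP

# All rules applied; rollback no longer wanted.
trap - ERR

# Persist the now-live ruleset so the iptables service reloads it at boot.
# No service restart is needed — the rules are already active.
iptables-save > "$RULES_FILE"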