
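#!/bin/sh
# Host firewall: default-deny inbound, allow loopback, replies to
# outgoing connections, SSH and a short list of service ports.
# Every iptables call needs root, so run the whole script as root.
#
# Abort on the first failed command so the INPUT policy is never flipped
# to DROP on top of a half-built rule set (which would lock out SSH).
set -e

# Open the INPUT policy before flushing: if a previous run left it at
# DROP, flushing would cut off the SSH session this script runs over
# until the ESTABLISHED rule is re-added below.
iptables -P INPUT ACCEPT
# Flush
iptables -F

# Accept lo interface
iptables -A INPUT -i lo -j ACCEPT
# Accept replies to outgoing connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Drop malformed TCP *before* any port is opened. Rules are matched top
# to bottom, so putting these after the ACCEPT rules (as the original
# ordering did) lets a NULL/XMAS or non-SYN NEW packet reach an open port.
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Accept ssh
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# Open bunch more ports (one rule per port, same form as the ssh rule)
for port in 5000 8000 8888 9066; do
    iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
done

# Finishing: anything not matched above is dropped
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP

# See the rules
iptables -L -n

# Save (rules are live already; the saved file is what gets reloaded later)
iptables-save | sudo tee /etc/sysconfig/iptables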