This is a script I use to deploy and configure iptables.
The sample handles SSH and MySQL; it is easy to extend.
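#!/bin/bash
#
# iptables example configuration script
#
# Builds a host firewall that accepts SSH (22/tcp) and MySQL (3306/tcp)
# only from the source addresses listed below, accepts loopback and reply
# traffic, and drops every other inbound packet. Extend it by adding
# addresses to the arrays or by adding another port/array pair.
#
# Must run as root. Rules are applied to the running kernel immediately;
# persisting them relies on the RHEL-style /sbin/service when present.
set -euo pipefail

# Interface the SSH/MySQL rules are bound to.
readonly IFACE=eth0

# Sources allowed to open SSH sessions.
readonly SSH_ALLOWED=(193.50.90.251 212.164.176.98)

# Sources allowed to open MySQL connections: the two admin hosts above
# plus frontend 1 and frontend 2.
readonly MYSQL_ALLOWED=(193.50.90.251 212.164.176.98 191.94.70.36 191.94.70.38)

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Append one INPUT ACCEPT rule per source address for a TCP port, plus
# the matching OUTPUT rule for established replies.
# Globals:   IFACE (read)
# Arguments: $1 - destination port; remaining args - source addresses
# Returns:   non-zero (and aborts under set -e) if iptables fails
#######################################
allow_tcp_from() {
  local port=$1
  shift
  local src
  for src in "$@"; do
    iptables -A INPUT -i "$IFACE" -p tcp -s "$src" --dport "$port" \
      -m state --state NEW,ESTABLISHED -j ACCEPT
  done
  # Redundant while the OUTPUT policy is ACCEPT; kept so the script still
  # works if that policy is later tightened.
  iptables -A OUTPUT -o "$IFACE" -p tcp --sport "$port" \
    -m state --state ESTABLISHED -j ACCEPT
}

main() {
  (( EUID == 0 )) || die "this script must run as root"
  command -v iptables >/dev/null || die "iptables not found in PATH"

  # Flush all current rules from the filter table.
  iptables -F

  # Loopback and reply traffic go in before any DROP policy is set, so an
  # in-progress SSH session is not cut off while the script is running.
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # SSH rules
  allow_tcp_from 22 "${SSH_ALLOWED[@]}"

  # mysql rules
  allow_tcp_from 3306 "${MYSQL_ALLOWED[@]}"

  # Default policies last: anything not accepted above is dropped. With
  # set -e a failed rule above aborts before the host is locked down.
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -P OUTPUT ACCEPT

  # Save settings via the RHEL-style init script; warn instead of failing
  # silently so the operator knows the rules will not survive a reboot.
  if [[ -x /sbin/service ]]; then
    /sbin/service iptables save
  else
    printf 'warning: /sbin/service not found; rules were not persisted\n' >&2
  fi

  # List rules
  iptables -L -v
}

main "$@"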
nJoy 🙂