firewall – SudoAll.com

This is a Script that I use to deploy and script iptables.

Sample handles ssh and mysql it’s easy to extend.

#!/bin/bash
#
# iptables example configuration script
#
# Flush all current rules from iptables
#
 iptables -F
#
# Allow SSH connections on tcp port 22
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system
#
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# SSH  rules
iptables -A INPUT -i eth0 -p tcp -s 193.50.90.251 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 212.164.176.98 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT


# mysql rules
iptables -A INPUT -i eth0 -p tcp -s 193.50.90.251 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 212.164.176.98 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
#Allow frontend 1
iptables -A INPUT -i eth0 -p tcp -s 191.94.70.36 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
#Allow Frontend 2
iptables -A INPUT -i eth0 -p tcp -s 191.94.70.38 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT




#
# Set default policies for INPUT, FORWARD and OUTPUT chains
#
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
#
# Set access for localhost
#
 iptables -A INPUT -i lo -j ACCEPT
#
# Accept packets belonging to established and related connections
#
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Save settings
#
 /sbin/service iptables save
#
# List rules
#
 iptables -L -v

nJoy 🙂

Tag: firewall

Centos 7 Firewall open a port

AWS link to obtain IP ranges programmatically by service !!!

Bacula firewall settings

Limiting access iptables