Incoming Rules:
Re-route HTTP,HTTPS connections to different port:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 8443
Allow IP block for SSH connection:
iptables -A INPUT -i eth1 -p tcp -s 10.190.0.0/16 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
Allow IP block for HTTP,HTTPS connection:
iptables -A INPUT -i eth1 -p tcp -m multiport --dports 8080,8443 -m state --state NEW,ESTABLISHED -j ACCEPT
Allow IP block for ICMP:
iptables -A INPUT -p icmp --icmp-type 8 -s 10.190.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Outgoing Rules:
Allow outgoing DB connection:
iptables -A OUTPUT -o eth1 -p tcp -m tcp --dport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m tcp --sport 1521 -m state --state NEW,ESTABLISHED -j ACCEPT
Allow outgoing SSH,HTTP,HTTPS,SMTP connection:
iptables -A OUTPUT -o eth1 -p tcp -m multiport --dports 22,80,443,25,8080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m multiport --sports 22,80,443,25,8080 -m state --state NEW,ESTABLISHED -j ACCEPT
Allow outgoing ICMP request:
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
Allow outgoing DNS connection:
iptables -A OUTPUT -p udp -o eth1 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i eth1 --sport 53 -j ACCEPT
Allow outgoing FTP connection:
iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
Drop all other incoming traffic:
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP