*filter
# rules for our firewall
-A INPUT -i lo -p all -j ACCEPT
-A OUTPUT -o lo -p all -j ACCEPT
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
# open ports for some services
# open ssh
-A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
# open http
-A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
-A INPUT -p udp -i eth0 --dport 80 -j ACCEPT
# drop all other inbound connections, only allow what we defined above
-P INPUT DROP
COMMIT
No comments:
Post a Comment