[Linux] iptables sample


Writing time : 2015-12-27 02:11:36

iptables sample

This is the /etc/sysconfig/iptables file on a freshly installed CentOS 7.0 machine. CentOS 7 ships firewalld by default, so this file comes from the iptables-services package; the stock sample only opens port 22, and the other port rules below follow the same pattern.

# sample configuration for iptables service  
# you can edit this manually or use system-config-firewall  
# please do not ask us to add additional ports/services to this default configuration  
*filter  
:INPUT ACCEPT [0:0]  
:FORWARD ACCEPT [0:0]  
:OUTPUT ACCEPT [0:0]  
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT  
-A INPUT -p icmp -j ACCEPT  
-A INPUT -i lo -j ACCEPT  
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT  
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT  
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT  
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25  -j ACCEPT  
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT  
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT  
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT  
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT  
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT  
-A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
COMMIT  

iptables evaluates the rules of a chain from top to bottom and stops at the first rule that matches a terminating target such as ACCEPT or REJECT, so the allowed ports are listed first. The three rules above them matter as well: RELATED,ESTABLISHED lets replies to existing connections through without re-checking ports, ICMP is allowed, and the lo rule keeps local services working. Note that none of the port rules carry a source restriction (-s), so services like MySQL on 3306 are reachable from any address that can route to the host; add -s for anything that is not meant to be public. Port 53 is opened for TCP only here, so a DNS server behind this rule set also needs a matching UDP rule.

The last two lines reject everything that did not match an earlier ACCEPT, for both INPUT and FORWARD, and answer with an ICMP host-prohibited message rather than silently dropping. The chain policies themselves are ACCEPT (the :INPUT ACCEPT line), so it is these REJECT rules, not the policy, that actually close the host: if they are removed, everything is open, and a rule appended behind them with -A is never reached (use -I on a live system, or put the new line above the REJECT line in this file). OUTPUT has no rules at all, so outbound traffic is unrestricted.

-A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
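Because everything written behind the chain's REJECT line is dead, it is worth checking a rules file for that mistake before loading it. The script below is an added example, not part of the original post: it reads a file in the same "-A CHAIN ... -j TARGET" syntax as /etc/sysconfig/iptables, reports rules that sit after an unconditional terminating rule of their chain, and inserts a new rule in front of the REJECT line instead of after it. The function names and the sample file in demo (a trimmed copy of the post's configuration with an 8080 rule appended in the wrong place) are constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of the original post: helpers for the
# /etc/sysconfig/iptables style of file shown above. Rules are evaluated
# top to bottom and the first match wins, so anything written after the
# chain's unconditional "-j REJECT" (or "-j DROP") can never match.
# Function names and the demo file are chosen here for illustration.

# dead_rules FILE
# Print (with line number) every "-A CHAIN ..." rule that sits after an
# unconditional terminating rule of the same chain, i.e. a rule of the form
# "-A CHAIN -j REJECT|DROP|ACCEPT ..." with no match expression before -j.
dead_rules() {
    awk '
        /^\*/   { split("", closed); next }          # new table: reset per-chain state
        /^-A /  {
            chain = $2
            if (chain in closed) { print NR ": " $0; next }
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP" || $4 == "ACCEPT"))
                closed[chain] = 1
        }
    ' "$1"
}

# add_before_close FILE CHAIN RULE_BODY
# Emit FILE with "-A CHAIN RULE_BODY" inserted directly in front of the
# chain's terminating REJECT/DROP rule: the file equivalent of using
# "iptables -I" instead of "iptables -A" on a live system.
add_before_close() {
    awk -v chain="$2" -v body="$3" '
        /^-A / && $2 == chain && !done && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
            print "-A " chain " " body
            done = 1
        }
        { print }
    ' "$1"
}

# demo: a constructed rules file (a trimmed copy of the post's configuration)
# to which a port-8080 rule has been appended *after* the REJECT line.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
    dead_rules "$tmp"          # reports line 9, the unreachable 8080 rule
    rm -f "$tmp"
}

demo
```

Run dead_rules against /etc/sysconfig/iptables before "systemctl restart iptables"; an empty result means every rule is reachable. add_before_close writes to standard output, so redirect it to a new file, check that file with dead_rules, and only then move it into place.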