iptables' filter table has three built-in chains: INPUT, OUTPUT and FORWARD.
Set the default policy of each chain using the -P flag:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Allow TCP traffic on port 80:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Allow TCP traffic on port 443:
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Allow UDP traffic on port 53:
iptables -A INPUT -p udp --dport 53 -j ACCEPT
Allow TCP traffic on port 3306 only from 192.168.0.2:
iptables -A INPUT -p tcp --dport 3306 -s 192.168.0.2 -j ACCEPT
Allow outgoing TCP and UDP traffic on any port, but only as part of an existing connection (conntrack state ESTABLISHED), and DROP everything else. Note that -P only sets a chain's default policy and takes no match options; the per-packet ESTABLISHED rules are appended with -A:
iptables -A OUTPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m state --state ESTABLISHED -j ACCEPT
iptables -P OUTPUT DROP
Configure iptables to:
(1) ACCEPT all TCP traffic on port 80 in the FORWARD chain
(2) ACCEPT all UDP traffic on port 53 in the FORWARD chain, but only if it comes from the IP 192.168.0.1
(3) Set the default FORWARD policy to DROP.
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -s 192.168.0.1 -j ACCEPT
iptables -P FORWARD DROP
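The rulesets above are easy to get subtly wrong (a -P line carrying match options, a chain left on the kernel's default ACCEPT policy, loopback traffic caught by a DROP policy). The following is an added example, not part of the original notes: a small POSIX sh linter that reads a list of iptables commands as text and reports those three problems, so it needs no root and never touches the running firewall. It assumes the filter table's built-in chains and one command per line; the sample ruleset at the bottom is constructed from the notes above.

```shell
#!/bin/sh
# Added example, not part of the original post: lint a list of iptables
# commands for the mistakes seen in these notes. Text only, no root needed.
# Assumed: the filter table's built-in chains and one command per line.

# lint_rules: read commands on stdin, print one line per finding,
# return 1 if anything was flagged, 0 if the list is clean.
lint_rules() {
    rules=$(cat)
    rc=0

    # 1. "-P CHAIN TARGET" sets a default policy and takes nothing else;
    #    a -P line carrying -p/-m/--state/-j should have been "-A CHAIN ...".
    bad=$(printf '%s\n' "$rules" | grep -E -- '-P +(INPUT|OUTPUT|FORWARD) +-') || true
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/policy line has match options, use -A: /'
        rc=1
    fi

    # 2. Every built-in chain needs an explicit default policy; an unset
    #    policy means the kernel default ACCEPT applies to unmatched traffic.
    for chain in INPUT OUTPUT FORWARD; do
        if ! printf '%s\n' "$rules" | grep -qE -- "-P +$chain +(ACCEPT|DROP)"; then
            echo "no default policy set for $chain (kernel default is ACCEPT)"
            rc=1
        fi
    done

    # 3. A DROP policy on INPUT or OUTPUT also drops loopback traffic unless
    #    it is accepted explicitly, which breaks local resolvers and databases.
    for pair in "INPUT:-i" "OUTPUT:-o"; do
        chain=${pair%%:*}; flag=${pair#*:}
        if printf '%s\n' "$rules" | grep -qE -- "-P +$chain +DROP" &&
           ! printf '%s\n' "$rules" | grep -qE -- "-A +$chain .*$flag +lo( |$)"; then
            echo "$chain drops by default but loopback ($flag lo) is never accepted"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample built from the notes above, including the -P slip.
page_rules='iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -P OUTPUT -p tcp -m state --state ESTABLISHED -j ACCEPT'

printf '%s\n' "$page_rules" | lint_rules || echo "ruleset needs fixing"
```

Pipe `iptables-save`-style output or a deployment script's command list into lint_rules before applying it; a clean list returns 0.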