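# Baseline IPv4 host firewall: drop inbound and forwarded traffic by default,
# allow all outbound traffic, and open only the services listed below.
# NOTE: this covers IPv4 only. If the host has IPv6 connectivity, the same
# policy has to be applied with ip6tables, otherwise services stay reachable
# over IPv6.

# global variable for iptables binary
# (the assignment must be on its own line; fused onto the comment line it is
# never executed and every command below runs with an empty $IPTABLES)
IPTABLES="/sbin/iptables"

# configure default policies for system chains
"$IPTABLES" -P INPUT DROP
"$IPTABLES" -P FORWARD DROP
"$IPTABLES" -P OUTPUT ACCEPT

# flush all rules from the filter table chains (-F removes rules; the
# policies set above are not affected)
"$IPTABLES" -F

# allow everything on the loopback interface
# (matching on the interface rather than on source 127.0.0.1 also covers local
# traffic addressed to the host's own non-loopback addresses and does not
# depend on a source address that a remote sender can forge)
"$IPTABLES" -A INPUT -i lo -j ACCEPT

# allow replies to connections this host opened (DNS lookups, package
# updates, outbound mail, ...). OUTPUT is ACCEPT, but without this rule the
# answers are discarded by the INPUT DROP policy. RELATED also lets through
# ICMP errors tied to existing connections, e.g. path-MTU discovery.
"$IPTABLES" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# allow SSH (DO NOT REMOVE)
"$IPTABLES" -A INPUT -p tcp --dport 22 -j ACCEPT
# comment the above line and un-comment the below for access control
# make sure to replace X.X.X.X/NN with your source network addresses
#"$IPTABLES" -A INPUT -p tcp --dport 22 -s X.X.X.X/NN -j ACCEPT

# un-comment the below line if you want your server to respond to ICMP (ping);
# only commenting out the DROP rule is not enough, because the INPUT policy
# is DROP and would still discard the echo requests
#"$IPTABLES" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# explicit drop of all other inbound ICMP (redundant with the DROP policy,
# kept to make the intent visible in the rule listing)
"$IPTABLES" -A INPUT -p icmp -j DROP

# un-comment the below line if you are running a webserver
#"$IPTABLES" -A INPUT -p tcp --dport 80 -j ACCEPT

# un-comment the below lines if you are running a mailserver
#"$IPTABLES" -A INPUT -p tcp --dport 25 -j ACCEPT
#"$IPTABLES" -A INPUT -p tcp --dport 110 -j ACCEPT
#"$IPTABLES" -A INPUT -p tcp --dport 143 -j ACCEPT
#"$IPTABLES" -A INPUT -p udp --dport 143 -j ACCEPT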