IPtables

Categories: linux firewall

## Set default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

## Allow traffic to and from the loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

## Allow outbound connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

## Allow others to ping this machine
iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

## Rate-limit incoming SSH connections
iptables -A INPUT -p tcp --dport ssh -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -A INPUT -p tcp --dport ssh -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport ssh -m state --state NEW -j ACCEPT
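
Before saving, it is worth confirming that the loaded ruleset matches the sections above: all three policies at DROP, loopback accepted, and the SSH limiter placed ahead of the SSH ACCEPT rule. The script below is an added example, not part of the original page. It assumes the `iptables -S` listing format, in which `--dport ssh` is printed as `--dport 22`; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables -S` output on stdin, prints one finding per
# line, and returns non-zero if the baseline from this page is not in place.
audit_rules() {
    awk '
        $1 == "-P" { policy[$2] = $3 }
        $1 == "-A" && $2 == "INPUT" {
            n++
            ssh = ($0 ~ /--dport 22( |$)/)
            if ($0 ~ /-i lo / && $0 ~ /-j ACCEPT/) lo = 1
            if (ssh && $0 ~ /-m recent --update/ && $0 ~ /-j DROP/ && !limit) limit = n
            if (ssh && $0 ~ /-j ACCEPT/ && !accept) accept = n
        }
        END {
            split("INPUT FORWARD OUTPUT", chains, " ")
            for (i = 1; i <= 3; i++) {
                c = chains[i]
                p = (c in policy) ? policy[c] : "unset"
                if (p != "DROP") { print "policy " c " is " p ", expected DROP"; bad = 1 }
            }
            if (!lo) { print "no loopback ACCEPT rule in INPUT"; bad = 1 }
            # Rules are evaluated top to bottom, so the limiter must come first.
            if (accept && (!limit || limit > accept)) { print "SSH ACCEPT is not preceded by the recent --update DROP rule"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample of `iptables -S` output after the commands on this page.
sample_good() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
EOF
}
# Constructed failure case: a -P command that never took effect, limiter rules missing.
sample_bad() {
    sample_good | sed -e 's/^-P FORWARD DROP/-P FORWARD ACCEPT/' -e '/-m recent/d'
}

sample_bad | audit_rules || true
```

On a live host, run `iptables -S | audit_rules` as root after loading the rules and before saving them.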

## Save rules on Debian/Ubuntu
apt install iptables-persistent
netfilter-persistent save

## Save rules on RHEL
chkconfig iptables on
service iptables save


