logauth
/
setup
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[update] iptables allows apt-get and dns

This commit is contained in:
xdrm-brackets 2017-05-10 15:50:13 +02:00
parent a934e22f0e
commit e0e3d2b43a
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
clone/utility/iptables
View File

@ -6,18 +6,23 @@ iptables -P INPUT DROP;
# maintenance
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT;
iptables -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT;
# SMMP-server
iptables -A INPUT -p tcp -m tcp --sport 22 -j ACCEPT;
iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT;
# SMMP
iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT;
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT;
# apt-get
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT;
# dns
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT;
iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT;
iptables -A INPUT -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT;
iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT;
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT;
# accept as INPUT all already ESTABLISHED connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
# accept to OUTPUT all already ESTABLISHED connections
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;