Sample Working IPTables
- 
 Here is a sample, simple working IPTables file from CentOS 5:

    # cat /etc/sysconfig/iptables
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -s 1.0.0.0/255.0.0.0 -j DROP
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

 This line:

    -A INPUT -s 1.0.0.0/255.0.0.0 -j DROP

 is an example of how to block a range you don't want to access your machine.
- 
 What if we wanted to simply default to DROP or REJECT for anything that doesn't have a specific rule? Or is that what the last two -j REJECT lines are for? 
- 
 Scratch that... I was able to figure it out. The configuration that you posted by default denies everything but SSH. Thanks! 
- 
 @dafyre said:
 > Scratch that... I was able to figure it out. The configuration that you posted by default denies everything but SSH. Thanks!

 Correct
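An added example, not part of the thread: a small model of first-match rule evaluation over the posted rule set, showing how the trailing `-j REJECT` rules decide unmatched traffic even though the chain policies are `ACCEPT`. The function names and the packet fields (`src`, `proto`, `dport`, `iface`, `state`) are assumptions made for this sketch, and the simplified parser handles only the options that appear in this file.

```python
import ipaddress

# Rule set copied from the first post (CentOS 5 /etc/sysconfig/iptables).
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 1.0.0.0/255.0.0.0 -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse(text):  # -> (chain policies, per-chain list of (conditions, target))
    policies, rules = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif line.startswith("-A"):
            pairs = dict(zip(tok[2::2], tok[3::2]))  # every option in this file takes one value
            target = pairs.pop("-j")
            conds = {k: v for k, v in pairs.items() if k not in ("-m", "--reject-with")}
            rules.setdefault(tok[1], []).append((conds, target))
    return policies, rules

def matches(conds, pkt):
    checks = {
        "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v),
        "-p": lambda v: pkt["proto"] == v,
        "--dport": lambda v: pkt.get("dport") == int(v),
        "-i": lambda v: pkt["iface"] == v,
        "--state": lambda v: pkt["state"] in v.split(","),
    }
    return all(checks[k](v) for k, v in conds.items())

def verdict(chain, pkt, policies, rules):
    # First matching rule wins; the chain policy applies only if no rule matched.
    return next((t for c, t in rules.get(chain, []) if matches(c, pkt)), policies[chain])

def default_deny(chain, policies, rules):
    # Unmatched traffic is refused by a DROP policy or an unconditional final DROP/REJECT rule.
    last = rules.get(chain, [(None, None)])[-1]
    return policies[chain] == "DROP" or (last[0] == {} and last[1] in ("DROP", "REJECT"))
```

Call `parse(RULESET)` once and pass the result to `verdict` with a constructed packet such as `{"src": "203.0.113.5", "proto": "tcp", "dport": 80, "iface": "eth0", "state": "NEW"}` to see which rule decides it.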

