Basic iptables configuration for Linux
What is a good basic iptables config?
Basic rules needed:
- Allow incoming TCP to 22 for SSH but block all others.
- Allow outgoing TCP/UDP connections.
You may consider using the following rules as a start:
for tables in iptables ip6tables ; do
    # Under ip6tables, "-p icmp" is IPv4 ICMP and never matches ICMPv6,
    # which IPv6 needs for neighbor discovery; use ipv6-icmp there
    if [ "$tables" = ip6tables ]; then icmp=ipv6-icmp; else icmp=icmp; fi
    # Flush existing rules
    $tables -F
    # Default policy: drop inbound, allow outbound
    $tables -P INPUT DROP
    $tables -P FORWARD ACCEPT
    $tables -P OUTPUT ACCEPT
    # Allow established inbound connections
    $tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Allow icmp
    $tables -A INPUT -p "$icmp" -j ACCEPT
    # Allow all loopback traffic
    $tables -A INPUT -i lo -j ACCEPT
    # Allow inbound SSH connection
    $tables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
done
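
To confirm that a loaded ruleset still matches the two requirements in the question, the following added example (not part of the original answer) audits `iptables -S` output read from stdin. The function name `audit_rules`, its messages and the sample input are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` text against "inbound: SSH only".
# audit_rules is a hypothetical helper; it returns 0 only with no findings.
audit_rules() {
    policy="" ssh=0 findings=0
    while read -r line; do
        case "$line" in
            "-P INPUT "*) policy=${line#-P INPUT } ;;
            "-A INPUT "*"-j ACCEPT")
                case "$line" in
                    *"-p tcp "*"--dport 22 "*) ssh=1 ;;
                    *"--state RELATED,ESTABLISHED "*) ;;    # return traffic
                    *"--ctstate RELATED,ESTABLISHED "*) ;;
                    "-A INPUT -i lo -j ACCEPT") ;;
                    "-A INPUT -p icmp -j ACCEPT") ;;
                    "-A INPUT -p ipv6-icmp -j ACCEPT") ;;
                    "-A INPUT -p icmpv6 -j ACCEPT") ;;
                    *)  # any other ACCEPT opens something not asked for
                        echo "FINDING: unexpected inbound ACCEPT: $line"
                        findings=$((findings + 1)) ;;
                esac ;;
        esac
    done
    if [ "$policy" != DROP ]; then
        echo "FINDING: INPUT policy is '${policy:-unset}', expected DROP"
        findings=$((findings + 1))
    fi
    if [ "$ssh" -ne 1 ]; then
        echo "FINDING: no rule accepts TCP port 22"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: matches the stated requirements"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the IPv4 rules above as `iptables -S` would list them.
SAMPLE='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$SAMPLE" | audit_rules
```

On a live host the input would come from `iptables -S` and `ip6tables -S` run as root; a rule the audit does not recognise is reported for review rather than silently passed.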