Created
January 1, 2016 17:39
-
-
Save utamas/254b83421be038f65136 to your computer and use it in GitHub Desktop.
Sets up ubuntu firewall, dropping packages on ports that are not whitelisted.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| setupFirewall() { | |
| # Flushing firewall rules. | |
| sudo iptables -F | |
| # Enabling outgoing packets. | |
| sudo iptables -P OUTPUT ACCEPT | |
| sudo iptables -P INPUT DROP | |
| sudo iptables -P FORWARD DROP | |
| sudo iptables -A INPUT --in-interface lo -j ACCEPT | |
| local ports=(22 80 443) | |
| for port in "${ports[@]}"; do | |
| sudo iptables -A INPUT -p tcp --dport $port -j ACCEPT | |
| done | |
| iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| sudo iptables-save > /etc/iptables.conf | |
| echo "post-up iptables-restore < /etc/iptables.conf" | sudo tee -a /etc/network/interfaces | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment