@mgax
Created March 31, 2019 15:13
Minimal firewall
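; Runs /opt/firewall.sh once as root when supervisord starts
[program:firewall]
user = root
command = /opt/firewall.sh
autorestart = false
; The script exits as soon as the rules are loaded; with the default
; startsecs of 1 supervisor would count that as a failed start and retry
startsecs = 0
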
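#!/bin/bash -ex
# Rebuilds the IPv4 "incoming" chain from scratch; safe to re-run.
# ip6tables is not touched, and ports published by Docker are, by default,
# DNATed and pass through FORWARD rather than INPUT, so they are not filtered here.

# Tear down any previous copy of the chain (|| true: nothing to remove on first run)
iptables -D INPUT -j incoming || true
iptables -F incoming || true
iptables -X incoming || true

# Recreate the chain and hook it into INPUT
iptables -N incoming
iptables -A INPUT -j incoming

# Replies on tracked connections, loopback, and the Docker bridge
iptables -A incoming -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A incoming -i lo -j ACCEPT
iptables -A incoming -i docker0 -j ACCEPT

# Inbound services: ping, SSH, HTTP, HTTPS
iptables -A incoming -p icmp --icmp-type 8 -j ACCEPT # ping
iptables -A incoming -p tcp --dport 22 -j ACCEPT
iptables -A incoming -p tcp --dport 80 -j ACCEPT
iptables -A incoming -p tcp --dport 443 -j ACCEPT

# Everything else is dropped
iptables -A incoming -j DROP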