Here is a basic IPTables configuration example shell script. These basic rules configure IPTables to open HTTP/HTTPS and PING to the whole world, allow SSH only from your IP, and drop everything else.
Install iptables persistent package
To make the IPTables rules persistent and load them automatically after a reboot, install the iptables-persistent package on Ubuntu/Debian:
$ sudo apt-get install iptables-persistent
Create Shell Script File
Create a new iptables_firewall.sh file,
$ sudo touch iptables_firewall.sh
and make it executable:
$ sudo chmod +x iptables_firewall.sh
IPTables Configuration
Open iptables_firewall.sh in a text editor and paste the text below.
Change YOUR_IP to your IP address (the address you administer the server from).
Then save and close it.
#!/bin/sh
# Abort on the first failing command, so a bad rule (for example an unreplaced
# YOUR_IP) stops the script before the DROP policy is set and locks you out.
set -e

# Clear IPTables rules:
iptables -P INPUT ACCEPT
iptables -F
iptables -X

# Allow loopback and already established/related connections
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow SSH connections from YOUR_IP
iptables -A INPUT -p tcp -m tcp -s YOUR_IP --dport 22 -m state --state NEW -m comment --comment "SSH" -j ACCEPT

# Allow HTTP/HTTPS
iptables -A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 80 -m state --state NEW -m comment --comment "HTTP" -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 443 -m state --state NEW -m comment --comment "HTTPS" -j ACCEPT

# Allow PING's
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Default policies: drop everything else coming in or being forwarded
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Save rules where iptables-persistent loads them from at boot
# (iptables-save alone only prints the rules to stdout)
iptables-save > /etc/iptables/rules.v4
Now you can execute our shell script iptables_firewall.sh:
$ sudo ./iptables_firewall.sh
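The script above sets the INPUT policy to DROP at the end, so the only thing keeping your own SSH session alive is the rule with -s YOUR_IP. If that value is still the placeholder, iptables rejects the rule ("host/network not found") and you can end up locked out. The following pre-flight check, added here as an example and not part of the original script, validates the admin address before anything is applied. It is plain POSIX sh and runs without root; the function names (is_ipv4_cidr, check_admin_ip, ssh_rule) are the example's own:

```sh
#!/bin/sh
# Added example (not from the original post): refuse to run the firewall
# script while YOUR_IP is still a placeholder or not a usable IPv4 address.

# Return 0 when $1 is a dotted-quad IPv4 address with an optional /prefix (0-32).
is_ipv4_cidr() {
  ip="$1"
  case "$ip" in
    */*) addr="${ip%%/*}"; prefix="${ip#*/}" ;;
    *)   addr="$ip"; prefix=32 ;;
  esac
  # prefix must be purely numeric and at most 32
  case "$prefix" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$prefix" -le 32 ] || return 1
  # address must split into exactly four numeric octets, each 0..255
  old_ifs="$IFS"; IFS=.
  set -- $addr
  IFS="$old_ifs"
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in
      ''|*[!0-9]*) return 1 ;;
    esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Return 0 only when the admin address is safe to put into the SSH rule.
check_admin_ip() {
  admin_ip="$1"
  if [ -z "$admin_ip" ] || [ "$admin_ip" = "YOUR_IP" ]; then
    echo "refusing to run: YOUR_IP placeholder has not been replaced" >&2
    return 1
  fi
  if ! is_ipv4_cidr "$admin_ip"; then
    echo "refusing to run: '$admin_ip' is not an IPv4 address or CIDR" >&2
    return 1
  fi
  return 0
}

# Print the SSH rule from the tutorial script with the validated address filled in.
ssh_rule() {
  printf 'iptables -A INPUT -p tcp -m tcp -s %s --dport 22 -m state --state NEW -m comment --comment "SSH" -j ACCEPT\n' "$1"
}

# Usage: sh preflight.sh 203.0.113.5   (203.0.113.5 is a constructed sample value)
# With no argument nothing is executed, so the functions can be sourced or tested.
if [ $# -gt 0 ]; then
  check_admin_ip "$1" || exit 1
  echo "admin address OK; the SSH rule that will be applied is:"
  ssh_rule "$1"
fi
```

Run it with the address you intend to paste into the script before executing iptables_firewall.sh; a non-zero exit means the value would have produced a broken SSH rule.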
Check Status of IPTables
To check the status of IPTables, run the following command as root:
# iptables -L -n
Example output:
Conclusion
We just learned how to write a basic IPTables configuration example script for web servers.