I have posted a nice script here
http://ubuntuforums.org/showpost.php...02&postcount=4
This is a version that will fit you better:
Code:
#!/bin/sh
IPT=/sbin/iptables
# Flush existing rules and user chains, then set the default policies
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
# Accept all from localhost
$IPT -A INPUT -i lo -j ACCEPT
# Add this line first so established/related connections are matched before anything else
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Also add this per-IP rule so you can reach the server by every method, just to make sure that everything is done properly.
# Use the specific IP of the one computer that is allowed to access the server for management purposes.
$IPT -A INPUT -s x.x.x.x/32 -j ACCEPT
# You can add these rules to be more secure and safe by limiting new connections to "3 hits" per second per source IP
# (defends against a simple DoS). As first posted these used -m limit with no -j target, so they matched nothing;
# -m limit is also one global counter, not per source, so hashlimit keyed on srcip is used here instead.
$IPT -A INPUT -p udp -m state --state NEW -m hashlimit --hashlimit-above 3/sec --hashlimit-mode srcip --hashlimit-name udp_new -j DROP
$IPT -A INPUT -p tcp -m state --state NEW -m hashlimit --hashlimit-above 3/sec --hashlimit-mode srcip --hashlimit-name tcp_new -j DROP
# Port 80 (www) open; add others such as ssh or mail as needed.
# A comma-separated port list needs -m multiport --dports (plain --dport takes a single port or a range)
$IPT -A INPUT -s x.x.x.0/24 -p tcp -m multiport --dports 22,80,3306 -j ACCEPT
# UDP ports 21,22 as in the original post (for tftp and other ftp/ssh stuff); note that standard tftp is 69/udp
$IPT -A INPUT -s x.x.x.0/24 -p udp -m multiport --dports 21,22 -j ACCEPT
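As an added check that is not part of the post above: a small Python linter for the exact mistakes the script originally contained (a rule with no target, a comma-separated port list on plain --dport, a duplicated -p, and -m limit used as if it were per source IP). The sample rule lines are constructed from the post; the linter itself is not a real tool.

```python
import re

# Constructed sample: the original problem lines from the post plus one clean rule.
SAMPLE_RULES = """\
$IPT -A INPUT -p udp -m udp -m limit --limit 3/sec -m state --state NEW
$IPT -A INPUT -s x.x.x.0/24 -p tcp -p tcp -m tcp --dport 22, 80, 3306 -j ACCEPT
$IPT -A INPUT -s x.x.x.0/24 -p udp -m udp --dport 21,22 -j ACCEPT
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"""


def lint_rule(line):
    """Return a list of findings for one iptables rule line (empty if clean)."""
    findings = []
    if line.lstrip().startswith("#") or not re.search(r"\s-[AI]\s", line):
        return findings  # only -A/-I rule lines are checked
    # A rule with no target never accepts or drops anything; it only counts packets.
    if not re.search(r"\s(-j|--jump|-g|--goto)\s", line):
        findings.append("no target (-j): rule only counts packets")
    # --dport/--sport take one port or a range; lists need -m multiport --dports.
    if re.search(r"--[ds]port\s+\S*,", line):
        findings.append("comma-separated ports on --dport/--sport: use -m multiport --dports")
    # iptables accepts only one -p; a repeated one is a copy/paste slip.
    if len(re.findall(r"\s-p\s", line)) > 1:
        findings.append("protocol (-p) given more than once")
    # -m limit is a single global bucket; per-source limiting needs hashlimit.
    if re.search(r"\s-m\s+limit\b", line):
        findings.append("-m limit is global, not per source IP: use -m hashlimit --hashlimit-mode srcip")
    return findings


def lint_script(text):
    """Map 1-based line numbers to their findings, for lines that have any."""
    report = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        found = lint_rule(line)
        if found:
            report[lineno] = found
    return report


if __name__ == "__main__":
    for lineno, found in sorted(lint_script(SAMPLE_RULES).items()):
        for msg in found:
            print(f"line {lineno}: {msg}")
```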