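#!/bin/sh
#
# Host firewall (iptables, IPv4 only).
#
# Default-deny on INPUT, OUTPUT and FORWARD, then open only the services
# listed below. Must run as root. Re-running is safe: the filter table is
# flushed before the rules are re-added.
#
# Environment:
#   LAN_NET   network that gets unrestricted access (default 192.168.1.0/24)
#   SSH_PORT  TCP port sshd listens on (default 2210)
#
# CAVEAT: the IPv6 section at the bottom is disabled, so ip6tables keeps its
# default policy (ACCEPT on most distributions). If this host has a global
# IPv6 address, every listening service is reachable over IPv6 unfiltered.
# Enable the IPv6 rules (or at least set ip6tables -P INPUT DROP) if so.

set -eu

# The original rule set used 192.168.1.0/16. With host bits set, iptables
# silently widens that to 192.168.0.0/16 (65k addresses), which is almost
# certainly wider than intended for "local traffic". Override LAN_NET if the
# LAN really is larger than a /24.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SSH_PORT="${SSH_PORT:-2210}"

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

main() {
  command -v iptables >/dev/null 2>&1 || die "iptables not found in PATH"
  [ "$(id -u)" -eq 0 ] || die "must run as root"

  ########
  # IPv4 #
  ########

  # Flush the filter table (nat/mangle are left untouched)
  iptables -F
  iptables -X

  # Policies: default deny in every direction
  iptables -P OUTPUT DROP
  iptables -P INPUT DROP
  iptables -P FORWARD DROP

  # Established connections. RELATED is included so that ICMP errors tied to
  # an existing flow (e.g. fragmentation-needed for path-MTU discovery) and
  # helper-tracked data channels are not dropped. Standalone ICMP echo is
  # still blocked by the default policy.
  iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Packets conntrack cannot classify never match a service rule below.
  iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

  # Loopback
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A OUTPUT -o lo -j ACCEPT

  # SSH (inbound, non-standard port)
  iptables -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT

  # HTTP(S): served and consumed
  for port in 80 443; do
    iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
    iptables -A OUTPUT -p tcp --dport "$port" -j ACCEPT
  done

  # DNS (UDP only, as in the original). TCP 53 is not opened, so responses
  # that overflow UDP (large DNSSEC answers) will fail to resolve.
  iptables -A INPUT -p udp --dport 53 -j ACCEPT
  iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

  # Mail: submission over implicit TLS, outbound only
  iptables -A OUTPUT -p tcp --dport 465 -j ACCEPT

  # XMPP: client (5222) and server-to-server (5269), both directions
  for port in 5222 5269; do
    iptables -A OUTPUT -p tcp --dport "$port" -j ACCEPT
    iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
  done

  # NTP (outbound)
  iptables -A OUTPUT -p udp --dport 123 -j ACCEPT

  # DLNA, LAN only. Redundant with the blanket LAN rules at the end; kept so
  # the service stays reachable if those blanket rules are ever removed.
  iptables -A INPUT -s "$LAN_NET" -p tcp --dport 8200 -j ACCEPT
  iptables -A OUTPUT -d "$LAN_NET" -p tcp --dport 8200 -j ACCEPT

  # Gemini: 1965 both ways, 1966 inbound only
  iptables -A INPUT -p tcp --dport 1965 -j ACCEPT
  iptables -A OUTPUT -p tcp --dport 1965 -j ACCEPT
  iptables -A INPUT -p tcp --dport 1966 -j ACCEPT

  ## Accept all traffic to and from the LAN
  iptables -A OUTPUT -d "$LAN_NET" -j ACCEPT
  iptables -A INPUT -s "$LAN_NET" -j ACCEPT

  ########
  # IPv6 #
  ########
  # Disabled (see CAVEAT in the header). Mirror of the IPv4 rules above.

  # Flush
  #ip6tables -F
  #ip6tables -X

  # Policies
  #ip6tables -P OUTPUT DROP
  #ip6tables -P INPUT DROP
  #ip6tables -P FORWARD DROP

  # Established connections
  #ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  #ip6tables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Loopback
  #ip6tables -A INPUT -i lo -j ACCEPT
  #ip6tables -A OUTPUT -o lo -j ACCEPT

  # SSH
  #ip6tables -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT

  # HTTP(S)
  #ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
  #ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
  #ip6tables -A OUTPUT -p tcp --dport 80 -j ACCEPT
  #ip6tables -A OUTPUT -p tcp --dport 443 -j ACCEPT
}

main "$@"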