Iptables
After The install is complete please keep the login details from the install in a safe and secure place. Just in case you need them later.
iptables
Basic Rules
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 5060 -j ACCEPT
iptables -A INPUT -p udp --dport 5060 -j ACCEPT
iptables -A INPUT -p tcp --dport 5080 -j ACCEPT
iptables -A INPUT -p udp --dport 5080 -j ACCEPT
iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
Optional Rules
OPENVPN:
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
SYSLOG:
iptables -A INPUT -p udp --dport 514 -j ACCEPT
ICMP:
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
Friendly Scanner
Rules to block not so friendly scanner
iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "friendly-scanner" --algo bm
iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "friendly-scanner" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm
Optional
iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "VaxIPUserAgent" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "VaxSIPUserAgent" --algo bm
iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "VaxIPUserAgent" --algo bm
Show iptable rules
iptables -L -v
Show line numbers
iptables -L -n -v --line-numbers
Delete a line
Delete line 2
iptables -D INPUT 2
Clear iptables rules
iptables -P INPUT ACCEPT
iptables -F
iptables -X
Block IP address
iptables -I INPUT -s 62.210.245.132 -j DROP
Save Changes
Debian / Ubuntu
apt-get install iptables-persistent
service iptables-persistent save
dpkg-reconfigure iptables-persistent
Iptables Configuration
Debian / Ubuntu
cd /etc/iptables
Activate rules.v4 file changes
iptables-restore < /etc/iptables/rules.v4