Sample iptables ruleset

February 1, 2015

Disclaimer: This is only a template to help you build an iptables ruleset that will best fit your solution; it is not intended to be a security standard, nor will it fit every environment. Please use this sample only to help you with syntax and ideas on how to use iptables.

This ruleset can be placed in /etc/sysconfig/iptables so that it is loaded whenever the iptables service restarts. The same file format (the one written by iptables-save and read by iptables-restore) works on most distributions; only the location of the file differs.

Default locations of IPtables rulesets:

  • Fedora/RedHat/RHEL: /etc/sysconfig/iptables
  • Ubuntu/Debian: /etc/iptables.rules (not fixed; it is whichever file you write the output of the iptables-save command to)

Note: These may vary by distribution and version


# Rules below belong to the filter table (this header is required by iptables-restore)
*filter

# Dropping incoming connections that don't have explicit rules below
# (the FORWARD chain's policy is not set by this template)
:INPUT DROP [68:4456]
:OUTPUT ACCEPT [1628:151823]

# Allow established connections for both public and private connections
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Opening ports to any source address (SSH, HTTP, HTTPS, FTP, MySQL)
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

# Opening a port to a specific IP
# (the address that should follow -s is missing from the original post)
-A INPUT -p tcp -m tcp --dport 10000 -s -j ACCEPT

# Opening a port to a range of IPs
# (the network/prefix that should follow -s is missing from the original post)
-A INPUT -p tcp -m tcp --dport 20000 -s -j ACCEPT

# Committing the rules to the firewall
COMMIT
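A template like the one above is easy to get subtly wrong: a missing `*filter` header or `COMMIT` makes iptables-restore reject the file, a `-s` with no address turns the "specific IP" rule into a syntax error, and the "wide open" section accepts ports such as 3306 from any source. The script below is an added example, not part of the original post: an offline sanity check for a file in iptables-save format that needs only sh and awk, no iptables binary and no root. It reports ERROR findings for things iptables-restore would refuse and WARN findings for ports accepted from any source. The two sample rulesets it checks are constructed here; the addresses in them are from the RFC 5737 documentation range.

```shell
#!/bin/sh
# Added example (not from the original post): offline sanity check for a
# ruleset in iptables-save format, meant to run before iptables-restore.
#
# ERROR = iptables-restore would reject the file, or load nothing from it
# WARN  = the rule loads, but accepts a port from any source address

# lint_ruleset FILE
# Prints one finding per line; exit status is the number of ERROR findings.
lint_ruleset() {
    awk '
    function err(msg)  { errors++; printf "ERROR line %d: %s\n", NR, msg }
    function warn(msg) { printf "WARN  line %d: %s\n", NR, msg }
    # rules and chain policies are only valid between "*table" and "COMMIT";
    # report a file that lacks the header once, not once per line
    function need_table() {
        if (!in_table && !no_table_reported) {
            err("rules and policies must sit between a *table line and COMMIT")
            no_table_reported = 1
        }
    }

    /^[ \t]*$/ || /^#/ { next }                  # blank lines and comments

    /^\*/ {                                      # "*filter": start of a table block
        if (in_table) err("table " table " was never committed")
        in_table = 1; table = $0; next
    }
    /^COMMIT$/ {
        if (!in_table) err("COMMIT outside of a table block")
        in_table = 0; committed++; next
    }
    /^:/ { need_table(); next }                  # ":INPUT DROP [0:0]" chain policy

    /^-[AI] / {                                  # an append/insert rule
        need_table()
        port = ""; has_src = 0; target = ""
        for (i = 2; i <= NF; i++) {
            # these options take a value; the next word must not be another option
            if ($i ~ /^(-s|-d|-i|-o|-p|-j|-m|--dport|--sport|--state)$/ &&
                (i == NF || $(i+1) ~ /^-/))
                err("option " $i " has no argument")
            if ($i == "--dport") port = $(i+1)
            if ($i == "-s")      has_src = 1
            if ($i == "-j")      target = $(i+1)
        }
        if (port != "" && !has_src && target == "ACCEPT")
            warn("port " port " accepted from any source address")
        next
    }
    { err("unrecognised line: " $0) }

    END {
        if (in_table) err("table " table " has no COMMIT")
        if (!committed) err("no COMMIT found; iptables-restore would load nothing")
        exit errors
    }
    ' "$1"
}

# count_findings FILE LEVEL -> number of ERROR or WARN lines lint_ruleset reports
count_findings() {
    lint_ruleset "$1" | grep -c "^$2 " || true
}

# Constructed sample 1: the mistakes that keep a draft from loading (no *filter,
# a -s with no address, no COMMIT) plus MySQL accepted from anywhere.
BAD_RULES=$(mktemp)
cat > "$BAD_RULES" <<'EOF'
# Drop incoming connections that have no explicit rule below
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -s -j ACCEPT
EOF

# Constructed sample 2: the same intent, written so iptables-restore accepts it
# (192.0.2.0/24 is the RFC 5737 documentation range, used here as a placeholder).
GOOD_RULES=$(mktemp)
cat > "$GOOD_RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -s 192.0.2.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -s 192.0.2.10 -j ACCEPT
COMMIT
EOF
trap 'rm -f "$BAD_RULES" "$GOOD_RULES"' EXIT

echo "== draft ruleset =="
lint_ruleset "$BAD_RULES" || echo "-> $? error(s): do not feed this to iptables-restore"
echo "== corrected ruleset =="
lint_ruleset "$GOOD_RULES" && echo "-> no errors; next step is iptables-restore --test"
```

Once a file passes this check, `iptables-restore --test < file` parses it with the real iptables without committing anything, and a normal `iptables-restore < file` replaces the table only when it reaches `COMMIT`, so a rejected file leaves the running rules as they were. The WARN lines are deliberately not fatal: port 22 from any source may be exactly what you want, but a database port in that list usually is not.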

