Sample IPTABLES rules in Linux

Here I'm going to set up iptables on Linux to allow traffic only from a particular source to a particular destination on a particular port. All other incoming and outgoing traffic will be blocked.

The rules are given in a script file.

#!/bin/sh
# My system IP/set ip address of server
SERVER_IP="192.168.100.233"
# Flushing all rules
iptables -F
iptables -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT


# Allow incoming ssh only
iptables -A INPUT -p tcp -s 192.168.100.32 -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT


# Allow incoming DB2 only
iptables -A INPUT -p tcp -s 192.168.100.231 -d $SERVER_IP --sport 513:65535 --dport 50000 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 50000 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT


# Allow incoming NAGIOS only
iptables -A INPUT -p tcp -s 192.168.100.253 -d $SERVER_IP --sport 513:65535 --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 5666 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT


# Allow incoming ICMP echo (ping) only, from the same monitoring host as the NAGIOS rules
iptables -A INPUT -p icmp --icmp-type echo-request -s 192.168.100.253 -d $SERVER_IP -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -s $SERVER_IP -d 192.168.100.253 -m state --state ESTABLISHED -j ACCEPT


# make sure nothing comes or goes out of this box
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP


The above rules are self-explanatory. Let's discuss if you have any queries.

Thank you.
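As an added example (not part of the post), here is the same allowlist policy generated from one line per client/port pair in iptables-restore format, so each service is written once and the whole ruleset is loaded atomically instead of rule by rule. The helper names allow_tcp_from, build_ruleset and count_accepts are my own; the example uses the conntrack match instead of the older state match, and narrows the reply rules to the client address rather than 0/0.

```shell
#!/bin/sh
# Build a default-deny filter table for iptables-restore.
# SERVER_IP defaults to the address used in the post; override via the environment.
SERVER_IP="${SERVER_IP:-192.168.100.233}"

# Emit the INPUT/OUTPUT pair that lets one client reach one TCP port on this host.
# $1 = client IP, $2 = destination port
allow_tcp_from() {
    printf '%s\n' "-A INPUT -p tcp -s $1 -d $SERVER_IP --sport 513:65535 --dport $2 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    printf '%s\n' "-A OUTPUT -p tcp -s $SERVER_IP -d $1 --sport $2 --dport 513:65535 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Print the complete ruleset: DROP policies, loopback, then the allowlist.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
EOF
    # Client addresses and ports taken from the post's script
    allow_tcp_from 192.168.100.32  22      # ssh
    allow_tcp_from 192.168.100.231 50000   # DB2
    allow_tcp_from 192.168.100.253 5666    # Nagios NRPE
    # ICMP echo from the monitoring host only (request in, reply out)
    printf '%s\n' "-A INPUT -p icmp --icmp-type echo-request -s 192.168.100.253 -d $SERVER_IP -j ACCEPT"
    printf '%s\n' "-A OUTPUT -p icmp --icmp-type echo-reply -s $SERVER_IP -d 192.168.100.253 -j ACCEPT"
    printf 'COMMIT\n'
}

# Quick sanity check: number of ACCEPT rules the generated ruleset contains
count_accepts() {
    build_ruleset | grep -c -- '-j ACCEPT'
}
```

Review the output with `build_ruleset` before applying it with `build_ruleset | iptables-restore`; since the policies are DROP, do this from a console or with a fallback scheduled to restore the previous ruleset.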
