server_config/iptables/iptables/rules.sh

# General rules
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Fail2Ban
iptables -N f2b-sshd
iptables -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
iptables -A INPUT -p tcp -m multiport --dports 55555 -j f2b-sshd

# LoopBack
iptables -A INPUT -i lo -j ACCEPT

# Keep Opened connection
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Anti DDOS
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -m limit --limit 1/sec --limit-burst 1 -j ACCEPT

# SSH
iptables -A INPUT -p tcp -m tcp --dport 55555 -j ACCEPT

# Main proxy
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # HTTP
iptables -A INPUT -p tcp --dport 443 -j ACCEPT # HTTPS
iptables -A INPUT -p udp --dport 443 -j ACCEPT # QUIC

# Fail2Ban -Return-
iptables -A f2b-sshd -j RETURN
feat: add `iptables` config files 2024-05-29 12:40:06 +02:00			`# General rules`
			`iptables -P INPUT DROP`
			`iptables -P FORWARD DROP`
			`iptables -P OUTPUT DROP`

			`# Fail2Ban`
			`iptables -N f2b-sshd`
			`iptables -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd`
			`iptables -A INPUT -p tcp -m multiport --dports 55555 -j f2b-sshd`

			`# LoopBack`
			`iptables -A INPUT -i lo -j ACCEPT`

			`# Keep Opened connection`
			`iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`

			`# Anti DDOS`
			`iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -m limit --limit 1/sec --limit-burst 1 -j ACCEPT`

			`# SSH`
			`iptables -A INPUT -p tcp -m tcp --dport 55555 -j ACCEPT`

			`# Main proxy`
			`iptables -A INPUT -p tcp --dport 80 -j ACCEPT # HTTP`
			`iptables -A INPUT -p tcp --dport 443 -j ACCEPT # HTTPS`
			`iptables -A INPUT -p udp --dport 443 -j ACCEPT # QUIC`

			`# Fail2Ban -Return-`
			`iptables -A f2b-sshd -j RETURN`