
fixed iptables rules

1 parent b92160c commit 9c7f57db4f6878463766ba7fa8d794c8457c23c5 Michael Schiller committed Sep 30, 2012
Showing with 11 additions and 3 deletions.
  1. +11 −3 chef/site-cookbooks/server/templates/default/iptables/default_rules.erb
@@ -4,13 +4,21 @@
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
+# localhost
+-A INPUT -s 127.0.0.1 -j ACCEPT
+-A OUTPUT -s 127.0.0.1 -j ACCEPT
+
# SSH
-A INPUT -p tcp --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 513:65535 --dport 22 -j ACCEPT
-# Apache2
--A OUTPUT -p tcp --sport 1024:65535 -m multiport --dports 20,21 -j ACCEPT
--A OUTPUT -p tcp --sport 1024:65535 -m multiport --dports 80,443 -j ACCEPT
+# https
+-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
+
+# https
+-A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
# FTP
-A INPUT -p tcp --dport 20 -j ACCEPT
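Review bot: The new localhost rules on the `-s 127.0.0.1` lines are weaker than the `-i lo` / `-o lo` rules they replace: INPUT now accepts any packet whose source address claims to be 127.0.0.1 regardless of the interface it arrived on, and OUTPUT no longer covers loopback traffic sourced from the host's non-loopback addresses (for example a local client connecting to the eth0 IP, which is routed over lo but carries that IP as its source). Keep the interface match, `-A INPUT -i lo -j ACCEPT` / `-A OUTPUT -o lo -j ACCEPT`, and if the intent was anti-spoofing add `-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP` instead of matching on the address alone. The comment above the port-80 pair should read `# http`, not `# https`, since the same label is reused for the 443 pair below it. Dropping the outbound `--dports 80,443` rule only matters if the OUTPUT chain's default policy, which is set outside this hunk, is DROP; in that case the host loses client-side HTTP/HTTPS (package fetches, cookbook downloads), so that is worth confirming. The template continues past the end of the hunk with the FTP rules.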

