Basic iptables firewall template
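#!/usr/bin/env bash
# Basic iptables (IPv4) host firewall template.
#
# Resulting policy: everything inbound and forwarded is dropped unless it is
# loopback traffic, a reply to a connection this host already knows about,
# ICMP, SSH on $SSH_PORT, HTTP/HTTPS, or MySQL arriving on $DB_IFACE.
# Outbound traffic is left unrestricted.
#
# Usage (as root):  SSH_PORT=2020 DB_IFACE=ens19 ./firewall.sh
#   IPT=echo ./firewall.sh   prints the commands instead of applying them.
#
# Caveats a deployer has to handle; none of them is addressed by this script:
#   * IPv4 only. iptables never touches the IPv6 stack, so without matching
#     ip6tables rules every listening port stays reachable over IPv6.
#   * Only the built-in chains of the filter table are flushed. User-defined
#     chains (iptables -X) and the nat/mangle/raw tables are left as found.
#   * Rules are applied one command at a time, so there is a brief window with
#     a partial ruleset; use iptables-restore if an atomic swap is required.
#   * Nothing here survives a reboot. Persist with iptables-save /
#     netfilter-persistent (or your distro's equivalent) after verifying.
#   * Apply it from console access the first time. A wrong SSH_PORT locks you
#     out as soon as the INPUT policy flips to DROP at the end.
set -euo pipefail

IPT="${IPT:-iptables}"          # binary to run; IPT=echo gives a dry run
SSH_PORT="${SSH_PORT:-2020}"    # sshd listens on a non-default port here
DB_IFACE="${DB_IFACE:-ens19}"   # interface facing the database clients
DB_PORT="${DB_PORT:-3306}"      # MySQL/MariaDB

# Flush the filter table's built-in chains. The chain policies are not
# touched by -F; they are set explicitly at the very end.
"$IPT" -F INPUT
"$IPT" -F OUTPUT
"$IPT" -F FORWARD

# Packets conntrack cannot tie to any known connection (malformed TCP flags,
# out-of-window segments) are dropped before any ACCEPT rule can match them.
"$IPT" -A INPUT -m conntrack --ctstate INVALID -j DROP

# Loopback is trusted unconditionally.
"$IPT" -A INPUT  -i lo -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT

# Replies, and traffic conntrack helpers mark as related (ICMP errors for our
# own connections, FTP data channels), for connections already in the table.
"$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# NOTE(review): this admits every ICMP type without a rate limit. ICMP errors
# for our own connections are already covered by RELATED above; a tighter
# template would accept only echo-request and add `-m limit`.
"$IPT" -A INPUT -p icmp -j ACCEPT

# New SSH sessions. Replies are handled by the ESTABLISHED rule, so only NEW
# is needed here (this also keeps the rule consistent with the HTTP rule).
# No source restriction or rate limit: add `-s <admin-net>` or `-m limit` if
# the host is exposed to the internet.
"$IPT" -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT

# Web server: inbound connections to 80/443.
"$IPT" -A INPUT -p tcp -m multiport --dports 80,443 \
  -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# Replies from the web server leave with a *source* port of 80/443. The
# previous version matched --dports on OUTPUT, which describes this host
# acting as an HTTP client rather than its server's replies. Harmless while
# the OUTPUT policy is ACCEPT, but wrong the moment OUTPUT is tightened, so
# mirror the SQL rule below and match on --sports.
"$IPT" -A OUTPUT -p tcp -m multiport --sports 80,443 \
  -m conntrack --ctstate ESTABLISHED -j ACCEPT

# Database: only on the dedicated interface, never on whatever faces the
# public network.
"$IPT" -A INPUT -i "$DB_IFACE" -p tcp --dport "$DB_PORT" \
  -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
"$IPT" -A OUTPUT -o "$DB_IFACE" -p tcp --sport "$DB_PORT" \
  -m conntrack --ctstate ESTABLISHED -j ACCEPT

# Default policies go last so every ACCEPT above is already in place when
# INPUT flips to DROP. Outbound is deliberately unrestricted; FORWARD DROP
# means this host does not route for anyone (relevant if containers or VMs
# on it expect forwarding).
"$IPT" -P OUTPUT ACCEPT
"$IPT" -P INPUT DROP
"$IPT" -P FORWARD DROP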