forked from blakeblackshear/blakeshome-config
-
Notifications
You must be signed in to change notification settings - Fork 0
/
iptables-rules-save
52 lines (39 loc) · 1.18 KB
/
iptables-rules-save
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Create chain for sshguard
-N sshguard
# Block sshguard ips
-A INPUT -j sshguard
# Accept all loopback (local) traffic:
-A INPUT -i lo -j ACCEPT
# Keep existing connections (like our SSH session) alive:
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Nginx
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Unifi controller
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
# Emulated hue
-A INPUT -p tcp -m tcp --dport 8300 -j ACCEPT
# Pihole
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT
# Zway MQTT Bridge
-A INPUT -p tcp --dport 9009 -j ACCEPT
# Allow multicast (for Xiaomi gateways)
-I INPUT -p udp -j ACCEPT
# Samba
-A INPUT -p tcp --dport 139 -j ACCEPT
-A INPUT -p tcp --dport 445 -j ACCEPT
-A INPUT -p udp --dport 137 -j ACCEPT
-A INPUT -p udp --dport 138 -j ACCEPT
# Accept pings:
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
COMMIT