
2. Les différentes règles

Réinitialisation de la configuration

# Start from an empty filter table: flush every built-in chain, then delete
# the (now empty) user-defined chains. Only the filter table is touched; nat,
# mangle and raw keep whatever they hold, and the chain policies are NOT
# reset here (they are set at the very end of the ruleset).
# Caveat for remote hosts: between this flush and the ESTABLISHED rule that
# follows there is a window where the chain policy alone decides -- fully open
# on a fresh boot (policy ACCEPT), fully closed on a re-run after this ruleset
# already set DROP. If the script stops in that window (a typo, a missing
# module) that is the state you are left in. Writing the ruleset to a file and
# loading it atomically with iptables-restore avoids the window entirely.
iptables --table filter --flush
iptables --table filter --delete-chain

Acceptation des connexions déjà établies

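# Loopback first. Nothing else in this ruleset accepts lo, and once the
# policies are DROP every NEW local connection (resolver on 127.0.0.1, local
# databases, monitoring agents) would fail silently. Only local processes can
# use lo, so trusting it unconditionally is safe.
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Accept continuations of connections conntrack already knows, in both
# directions, plus RELATED ones (ICMP errors for a tracked flow, data channels
# opened by a conntrack helper such as FTP). "-m conntrack --ctstate" is the
# current match; "-m state --state" is its legacy alias with the same meaning.
# Keep these as the first rules after lo: every later rule then only has to
# decide about NEW connections, and a live admin session survives a reload.
iptables -A INPUT  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT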

Anti DoS (limitation du débit de nouvelles connexions)

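# Rate limiting, done the right way round.
# The original rules were "-m limit ... -j ACCEPT". On INPUT that ACCEPTs a
# SYN to ANY port (up to the limit) before the per-service rules further down
# are reached, and once conntrack has seen the handshake the rest of that
# connection is waved through by the RELATED,ESTABLISHED rule: the "anti-DoS"
# rule was in fact an allow-list bypass at 2 new connections per second.
# Packets above the limit were not dropped either, they just fell through.
# The chain below only answers "is this too fast?": within the limit it
# RETURNs to the calling chain, where the normal per-port ACCEPT rules or the
# DROP policy still decide; above the limit it DROPs. The one limit counter is
# shared by every caller of the chain. Tune 2/s and burst 30 for the host.
iptables -N rate_limit 2>/dev/null || iptables -F rate_limit  # reuse the chain if it already exists
iptables -A rate_limit -m limit --limit 2/s --limit-burst 30 -j RETURN
iptables -A rate_limit -j DROP

# New TCP connections (SYN only) addressed to this host.
iptables -A INPUT -p tcp --syn -j rate_limit

# Forwarded traffic gets the same bound. Nothing in this ruleset ACCEPTs
# forwarded packets and the FORWARD policy is DROP, so these rules only matter
# if explicit forwarding rules are added later; the original blanket
# "ACCEPT 2/s of anything forwarded, to any destination" is gone.
iptables -A FORWARD -p tcp --syn -j rate_limit
iptables -A FORWARD -p udp       -j rate_limit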

Anti NMAP (scans NULL et XMAS)

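# TCP segments with no flags at all (NULL scan) or every flag set (XMAS-style
# scan) never occur in a legitimate exchange: DROP them outright.
# The original rules jumped to ACCEPT, rate-limited to 1/h -- i.e. they let
# one scan probe per hour *through* the firewall, the opposite of the intent.
# "-m limit" is only useful in front of a LOG target (to keep the log from
# flooding), never in front of the ACCEPT/DROP decision itself.
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL  -j DROP

# Anything else conntrack cannot fit into a known flow or a valid new one
# (stray FIN/ACK/RST probes, impossible flag combinations, out-of-window
# segments) is classified INVALID; dropping it here covers the remaining scan
# flavours in one rule and keeps such segments away from the ACCEPT rules.
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

# To see the scans, put a rate-limited LOG rule in front of the DROPs, e.g.:
#   iptables -A INPUT -p tcp --tcp-flags ALL NONE -m limit --limit 1/h -j LOG --log-prefix "null-scan: "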

Accepte le NTP

# NTP client: the host may query time servers (UDP/123 outbound). Replies come
# back as ESTABLISHED -- conntrack tracks UDP by its address/port pair -- so no
# INPUT rule is needed. Unlike the DNS/HTTP/FTP rules this one is not bound to
# an interface.
iptables --table filter --append OUTPUT --protocol udp --dport 123 --jump ACCEPT

Accepte le DNS (port 53)

# DNS client: queries to resolvers over UDP and TCP 53. UDP is the usual
# transport; TCP is used for truncated/large answers and zone transfers, so
# both are kept. Answers return as ESTABLISHED.
# "interface" is a placeholder. iptables accepts any interface name without
# checking that it exists, so leaving the literal in place silently produces
# rules that never match: substitute the real outbound interface (ip -br link).
iptables --table filter --append OUTPUT --out-interface "interface" --protocol tcp --dport 53 --jump ACCEPT
iptables --table filter --append OUTPUT --out-interface "interface" --protocol udp --dport 53 --jump ACCEPT

Accepte le HTTP et le HTTPS

# Web, both roles on the same interface:
#  - OUTPUT: this host may open connections to HTTP/HTTPS servers (client,
#    package updates, webhooks...).
#  - INPUT: remote clients may open connections to ports 80/443 here (server).
#    Drop these two rules if the host does not serve web content; every
#    inbound ACCEPT is a port exposed to the whole network.
# "interface" is a placeholder: iptables takes any name without checking it
# exists, and a rule for a non-existent interface simply never matches.
iptables --table filter --append OUTPUT --out-interface "interface" --protocol tcp --dport 80  --jump ACCEPT
iptables --table filter --append OUTPUT --out-interface "interface" --protocol tcp --dport 443 --jump ACCEPT
iptables --table filter --append INPUT  --in-interface  "interface" --protocol tcp --dport 80  --jump ACCEPT
iptables --table filter --append INPUT  --in-interface  "interface" --protocol tcp --dport 443 --jump ACCEPT

L'ICMP

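# Inbound ICMP: do not accept every type. The blanket "-p icmp -j ACCEPT" also
# let in timestamp / address-mask / information requests and, because the first
# matching rule wins, made the explicit ICMP DROP rule later in this ruleset
# unreachable. ICMP errors that belong to an existing flow (destination-
# unreachable, including fragmentation-needed for path-MTU discovery, and
# time-exceeded) are classified RELATED by conntrack and are already accepted
# by the RELATED,ESTABLISHED rule, so only echo-request needs its own rule.
# It is rate-limited so that a ping flood falls through to DROP instead of
# being answered at line rate.
iptables -t filter -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 5 -j ACCEPT
# Outbound ICMP stays fully allowed: outgoing pings, traceroute, and the error
# messages this host generates itself.
iptables -t filter -A OUTPUT -p icmp -j ACCEPT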

FTP

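# FTP: control channel only (TCP/21), server and client roles.
# The data connection is negotiated inside the control channel -- passive mode:
# the client connects to a random high port on the server; active mode: the
# server connects out *from* port 20 to a random port on the client. Static
# "--dport 20" rules therefore never match real data traffic: an inbound
# --dport 20 rule on the server and an outbound --dport 20 rule on the client
# both describe packets that do not exist, which is why they are dropped here.
# The conntrack FTP helper parses PORT/PASV and marks the data connection
# RELATED, so the RELATED,ESTABLISHED rule accepts it whichever mode is used.
# NOTE: FTP carries credentials and data in cleartext; prefer SFTP or FTPS.
modprobe nf_conntrack_ftp
# Since kernel 4.7 helpers are no longer auto-attached; bind it to port-21
# flows explicitly (PREROUTING: inbound/server side, OUTPUT: client side).
# The raw table is not flushed by the reset at the top of this ruleset, so the
# rules are added only if not already present to keep re-runs idempotent.
iptables -t raw -C PREROUTING -p tcp --dport 21 -j CT --helper ftp 2>/dev/null \
  || iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
iptables -t raw -C OUTPUT -p tcp --dport 21 -j CT --helper ftp 2>/dev/null \
  || iptables -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp
# "interface" is a placeholder: replace it with the real interface name, a
# rule for a non-existent interface is accepted but never matches.
iptables -t filter -A OUTPUT -o "interface" -p tcp --dport 21 -j ACCEPT
iptables -t filter -A INPUT  -i "interface" -p tcp --dport 21 -j ACCEPT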

ICMP (drop explicite)

# Explicit inbound ICMP drop. As the ruleset stands this rule is unreachable:
# the earlier unconditional "-p icmp -j ACCEPT" on INPUT matches first (first
# match wins), and with the INPUT policy set to DROP it is redundant anyway.
# It only becomes meaningful once the inbound ICMP ACCEPT is narrowed to the
# types actually wanted; its packet counter then shows how much unwanted ICMP
# reaches the host.
iptables --append INPUT --protocol icmp --jump DROP

Politique par défaut : tout drop

# Default policies, applied LAST so that every ACCEPT rule is already in place
# when the chains close. From here on anything not matched above is dropped:
#  - INPUT: only the services explicitly opened above are reachable. This
#    ruleset opens no administration port (e.g. SSH/22): an existing remote
#    session survives via the ESTABLISHED rule, but a new one will not connect.
#    Add the admin rule before applying this on a remote host.
#  - OUTPUT: the host may only initiate what is listed above (DNS, NTP, HTTP,
#    HTTPS, FTP, ICMP). Make sure loopback (-i lo / -o lo) is accepted above,
#    otherwise local services talking over 127.0.0.1 break.
#  - FORWARD: this host does not route.
# iptables is IPv4 only: without an equivalent ip6tables ruleset, IPv6 traffic
# is governed solely by ip6tables' own policies (ACCEPT by default). Persist
# the result with iptables-save / the distribution's netfilter service.
iptables --policy INPUT   DROP
iptables --policy FORWARD DROP
iptables --policy OUTPUT  DROP