View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions IPTables Firewall Script
Log in to Ask a Question

IPTables Firewall Script

networking

I wrote this in December to help me deal with threats, on the fly.

It grabs the emerging threats DSBL and a fail2ban DNSBL.

You will need to customize this to fit your needs (Change Ports or Add Ports)

https://github.com/diveyez/fw.sh

iptables -A OUTPUT -p <protocol> --sport <port> -m state --state NEW -j ACCEPT >> /dev/null 2>&1
iptables -A OUTPUT -p <protocol> --sport <port> -m state --state NEW -j ACCEPT >> /dev/null 2>&1</port></protocol></port></protocol>

change and to the values you need, and stick them in the CUSTOM RULES section.

I do not put code on github, or anywhere with executable. Please also, chmod +x dofw.sh and the others if you wish to use them.

I use this for websites, game servers, basically anything.

I just believe other Linode users, primarily those with web services should have this. If you have not secured your linode, do it!

1 Reply

I am sorry to say but the poll is fairly inaccurate, IPFilter is fairly old and hasn't had a new version in Linux, it was mostly used on other *nix systems like Solaris (I think). Now days iptables is being replaced with firewalld, since they are both front-ends for the kernel netfilter.

To be more specific, current firewalls use ipsets, which take better care of long rules that iterate over thousands of IP addresses, much more efficient than piling up with thousands individual iptable rules.

Take a look at a post I wrote about how to block whole countries via firewalld ipsets: firewalld and ipset (country blacklist)

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct