
Basic configuration of iptables for VPS security, stay away from brute force cracking

WBOY
Release: 2024-06-03 18:01:51


It’s just the most basic configuration. I’m too lazy to write about preventing floods. If someone really has a grudge against me and wants to DDoS me, then I’ll just give up...

#Default policy: drop inbound traffic, allow outbound traffic, allow the loopback interface

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT

#Allow ping (delete this rule if you do not want to allow it)

iptables -A INPUT -p icmp -j ACCEPT

#Allow ssh

iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

#Allow ftp

iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

#Allow the FTP passive port range, which can be set in the FTP server's configuration file

iptables -A INPUT -p tcp --dport 20000:30000 -j ACCEPT

#Following felix's example, restrict SMTP to the local host

iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT -s 127.0.0.1
iptables -A INPUT -p tcp -m tcp --dport 25 -j REJECT

#Allow DNS

iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT

#Allow http and https

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

#Allow stateful inspection (connection state matching), too lazy to explain

iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p all -m state --state INVALID,NEW -j DROP

#Save configuration

iptables-save > /etc/iptables

Just save it. On Debian there is no need to set up iptables as a separate service. For details on how to load the rules automatically at boot, please see the article "Iptables Firewall Automatic Loading at Boot under Debian".

I put the rules above and the rules below into a shell script, as start{} and stop{}. When you need to modify the rules, it is better to clear them and rebuild them from scratch, because the order of the rules matters.

#Clear configuration

iptables -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
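
One way to write the start/stop script described above, as an added example that is not the author's own script. IPT is a variable name assumed here (IPT="echo iptables" gives a dry run that only prints the commands), and the chain policies are set in a different order from the page so that an interrupted run does not cut off a remote session.

```shell
#!/bin/sh
# Added example: the page's rules as start()/stop() functions (run as root).
# IPT is a name assumed here; IPT="echo iptables" prints commands (dry run).
IPT="${IPT:-iptables}"

stop() {
    # Open the policies first so flushing never leaves a remote session
    # facing an empty INPUT chain whose policy is still DROP.
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -F
    $IPT -X
    $IPT -Z
}

start() {
    stop  # clear and rebuild: rules are checked top-down, first match wins
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -p icmp -j ACCEPT
    $IPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
    $IPT -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 20000:30000 -j ACCEPT
    # First match wins, so the localhost ACCEPT sits before the REJECT.
    $IPT -A INPUT -s 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
    $IPT -A INPUT -p tcp -m tcp --dport 25 -j REJECT
    $IPT -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
    $IPT -A INPUT -p udp -m udp --dport 53 -j ACCEPT
    $IPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    $IPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    $IPT -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p all -m state --state INVALID,NEW -j DROP
    # Policies last, once every ACCEPT rule above is already in place.
    $IPT -P OUTPUT ACCEPT
    $IPT -P INPUT DROP
}

case "${1:-}" in
    start) start ;;
    stop)  stop ;;
    "")    ;;  # no argument: only define the functions
    *)     echo "usage: $0 {start|stop}" >&2; exit 2 ;;
esac
```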

source:linuxprobe.com