Rule 1: I want to block all incoming/INPUT connections on the port range 0 to 65535.
iptables -A INPUT -j DROP
or, with an explicit port match (--sport exists only for protocols that have ports, so -p tcp or -p udp is required; without it iptables rejects the rule with "unknown option --sport"):
iptables -A INPUT -p tcp --sport 0:65535 -j DROP
iptables -A INPUT -p udp --sport 0:65535 -j DROP
Rule 2: In outgoing/OUTPUT, allow only tcp ports 80 and 443 and udp 53, and block all the remaining ports 0 to 65535.
iptables -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
($SERVER_IP must hold this host's own address; "--sport 00:65535" matched every source port and has been left out as redundant)
Same for the other two (tcp 443 and udp 53); then append the catch-all for the remaining ports: iptables -A OUTPUT -j DROP
Blocking ping attempts
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
(pings sent to this host arrive on INPUT, so that is the chain to drop echo-request in; the same rule on OUTPUT only stops this host from pinging out)
Blocking DoS attacks (rate-limiting new UDP flows per source address with the recent module)
iptables -A INPUT -p udp -m state --state NEW -m recent --set --name DDOS --rsource
iptables -A INPUT -p udp -m state --state NEW -m recent --update --seconds 1 --hitcount 5 --name DDOS --rsource -j DROP
(the --set rule is required: --update only consults addresses already recorded in the DDOS list, so on its own it never matches anything; both rules must also come before the INPUT drop of Rule 1, otherwise they are never reached)
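Added example, not the poster's own rules: all of the above assembled into one script in an order that actually works, using chain policies for the default-deny instead of an early "-A ... -j DROP" (which shadows every rule appended after it), letting replies to the allowed outbound traffic back in, and supplying the missing --set for the recent-module limiter. The ipt wrapper, the DRY_RUN variable and the 192.0.2.10 placeholder for SERVER_IP are my own assumptions; -m conntrack --ctstate is the current spelling of -m state --state.

```sh
#!/bin/sh
# Added example, not the poster's rules. Assumptions: IPv4 iptables only
# (ip6tables needs its own set), SERVER_IP is this host's address (192.0.2.10
# is a documentation placeholder), and DRY_RUN=1 prints the commands instead
# of running them so the list can be inspected without root.

SERVER_IP="${SERVER_IP:-192.0.2.10}"

# Run iptables, or print the command when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

firewall_rules() {
    # Clean slate and default-deny on every chain. With DROP as the chain
    # policy, every ACCEPT appended below is evaluated first; appending
    # "-A INPUT -j DROP" early, as in Rule 1, would shadow anything after it.
    ipt -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP

    # Loopback stays open (local resolver, local services).
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Rule 1 made usable: new inbound connections die on the policy, but
    # replies to our own outbound flows must come back in, or the HTTP/HTTPS/DNS
    # allowed by Rule 2 never gets an answer.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Ping attempts against this host: drop echo-request in INPUT. The same
    # rule in OUTPUT would only stop this host from pinging out.
    ipt -A INPUT -p icmp --icmp-type echo-request -j DROP

    # UDP flood limiter with the --set the original lacked. xt_recent only
    # knows addresses a --set rule recorded, so --update alone never matches.
    # 5 or more new UDP flows from one source within 1 second: drop.
    ipt -A INPUT -p udp -m conntrack --ctstate NEW -m recent --name DDOS --rsource --set
    ipt -A INPUT -p udp -m conntrack --ctstate NEW -m recent --name DDOS --rsource \
        --update --seconds 1 --hitcount 5 -j DROP

    # Rule 2: outbound only to tcp/80, tcp/443 and udp/53; everything else
    # hits the OUTPUT DROP policy. "--sport 0:65535" matches every port, so
    # it is simply left out.
    ipt -A OUTPUT -s "$SERVER_IP" -p tcp --dport 80  -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    ipt -A OUTPUT -s "$SERVER_IP" -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    ipt -A OUTPUT -s "$SERVER_IP" -p udp --dport 53  -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    # ICMP errors and other packets conntrack ties to flows already accepted.
    ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Number of generated rules containing a given string; a cheap sanity check
# on the list before applying it for real.
count_rules() {
    ( DRY_RUN=1; firewall_rules ) | grep -c -- "$1"
}

# Usage:  sh firewall.sh preview    (print the rules)
#         sh firewall.sh apply      (as root)
case "${1:-}" in
    preview) ( DRY_RUN=1; firewall_rules ) ;;
    apply)   firewall_rules ;;
esac
```

Preview the list with "sh firewall.sh preview" and confirm the ESTABLISHED,RELATED accept sits above the icmp and recent rules before applying; once applied, an outbound "curl https://example.org" should work while an inbound SSH attempt times out, which is exactly what Rules 1 and 2 asked for.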