
Basic configuration of iptables for VPS security, stay away from brute force cracking

WBOY
2024-06-03 18:01:51


This is just the most basic configuration. I'm too lazy to write about preventing floods. If someone really has a grudge against me and wants to DDoS me, then I'll just give up...

#Default policy: drop inbound, allow outbound, allow the loopback interface

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT

#Allow ping; if you don't want to allow it, just delete this rule

iptables -A INPUT -p icmp -j ACCEPT

#Allow ssh

iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

#Allow ftp

iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

#Allow the FTP passive port range, which can be set in the FTP server's configuration file

iptables -A INPUT -p tcp --dport 20000:30000 -j ACCEPT

#Following felix, restrict SMTP to local only

iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT -s 127.0.0.1
iptables -A INPUT -p tcp -m tcp --dport 25 -j REJECT

#Allow DNS

iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT

#Allow http and https

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

#Allow stateful inspection, too lazy to explain

iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p all -m state --state INVALID,NEW -j DROP

#Save configuration

iptables-save > /etc/iptables

That saves the rules. On Debian there is no need to set iptables up as a separate service. For details on how to load the rules automatically at boot, see the article "iptables Firewall Automatic Loading at Boot under Debian".

I put the block above and the block below into a shell script, as start{} and stop{}. When you need to modify the rules, it is better to clear them and rebuild from scratch, because the order of the rules matters.

#Clear configuration

iptables -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
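
The start{}/stop{} script described above, sketched as an added example (not the author's script): it writes the same INPUT rules in iptables-restore format, so that clearing and rebuilding happen in a single commit instead of rule by rule. The function names, the `print` argument, the explicit FORWARD ACCEPT policy (the article never sets FORWARD) and the placement of the ESTABLISHED,RELATED rule near the top are choices of this example.

```shell
# Added example (not the author's script). Rule order matters: first match
# wins, so the port-25 ACCEPT for 127.0.0.1 precedes the REJECT and the
# state DROP follows every ACCEPT.
ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000:30000 -j ACCEPT
-A INPUT -s 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j REJECT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m state --state INVALID,NEW -j DROP
COMMIT
EOF
}

# Empty filter table with ACCEPT policies: the article's "clear" block.
open_ruleset() {
  printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
    ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

# 1-based position of the first INPUT rule containing the given text.
rule_pos() {
  ruleset | grep -- '^-A INPUT' | grep -n -F -- "$1" | head -n 1 | cut -d: -f1
}

start() {
  ruleset | iptables-restore --test || return 1  # parse only, no commit
  ruleset | iptables-restore || return 1         # flush and load in one commit
  iptables-save > /etc/iptables                  # same path the article uses
}
stop() { open_ruleset | iptables-restore; }

case "${1:-}" in
  start) start ;; stop) stop ;; print) ruleset ;; "") : ;;
  *) echo "usage: $0 {start|stop|print}" >&2; exit 2 ;;
esac
```

Run it as root with `start` or `stop`; `print` shows the ruleset without touching the firewall.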
