Basic configuration of iptables for VPS security, stay away from brute force cracking
This is only the most basic configuration. I'm too lazy to write about flood protection. If someone really has a grudge against me and wants to DDoS me, then I'll just give up...
#Configuration: drop inbound by default, allow outbound, allow the loopback interface
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
#Allow ping; if you don't want to allow it, just delete this rule
iptables -A INPUT -p icmp -j ACCEPT
#Allow ssh
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#Allow ftp
iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#Allow the FTP passive-mode port range, which can be set in the FTP server's configuration file
iptables -A INPUT -p tcp --dport 20000:30000 -j ACCEPT
#Following felix, restrict SMTP to localhost
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT -s 127.0.0.1
iptables -A INPUT -p tcp -m tcp --dport 25 -j REJECT
#Allow DNS
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
#Allow http and https
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
#Allow connection state tracking, too lazy to explain
iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p all -m state --state INVALID,NEW -j DROP
#Save configuration
iptables-save > /etc/iptables
Just save it. Debian does not need iptables to be set up as a separate service. For details on how to make iptables load automatically at boot, please see the article "Iptables Firewall Automatic Loading at Boot under Debian".
I put the rules above and the block below into a shell script, as start{} and stop{}. When you need to modify the rules, it is better to clear them and rebuild directly, because rule order matters.
#Clear configuration
iptables -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
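The start/stop script described above, written out as an added example (not the author's own script): it emits the same rules in iptables-restore format so the filter table is replaced in one commit rather than rule by rule, and refuses to load if the localhost SMTP ACCEPT no longer precedes the port 25 REJECT. The function names and the explicit FORWARD ACCEPT line (the iptables default, which the page leaves unchanged) are assumptions.

```shell
#!/bin/sh
# Added example: the tutorial's rules as start/stop functions (names are illustrative).

# Print the tutorial's rules, in the same order, in iptables-restore format.
ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 20000:30000 -j ACCEPT
-A INPUT -s 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j REJECT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID,NEW -j DROP
COMMIT
EOF
}

# First match wins: reads a ruleset on stdin and succeeds only if the
# localhost SMTP ACCEPT comes before the port 25 REJECT.
order_ok() {
    awk '/--dport 25 -j ACCEPT/ { a = NR }
         /--dport 25 -j REJECT/ { r = NR }
         END { exit !(a && r && a < r) }'
}

start() {
    ruleset | order_ok || { echo "SMTP rules out of order" >&2; return 1; }
    ruleset | iptables-restore --test || return 1   # parse only, nothing committed
    ruleset | iptables-restore && iptables-save > /etc/iptables
}

stop() {
    iptables -F; iptables -X; iptables -Z
    iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT
}

case "${1:-}" in start) start ;; stop) stop ;; esac
```

Run it as root with `start` or `stop` as the first argument.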