simple iptables question
- ACCEPT EVERYTHING, EXCEPT FROM SOME NETWORKS
My intention is only to block connection from some networks, but allow everything else normally.
You can see the script below. Can you firewall experts help me to verify if its correct ? Before I implemented in my server
Is this correct with the ACCEPT EVERYTHING part ? I dont want my server services be blocked. I only need to block the BAD GUYS.
Please help.
#!/bin/bash
#---------------------------------------------------------------
# Initialize all the chains by removing all the rules
# tied to them
#---------------------------------------------------------------
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush
#---------------------------------------------------------------
# Now that the chains have been initialized, the user defined
# chains should be deleted. We'll recreate them in the next step
#---------------------------------------------------------------
iptables --delete-chain
iptables -t nat --delete-chain
iptables -t mangle --delete-chain
#---------------------------------------------------------------
# The loopback interface should accept all traffic
# Necessary for X-Windows and other socket based services
#---------------------------------------------------------------
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -N firewalled
iptables -A firewalled -m limit --limit 15/minute -j LOG --log-prefix Firewalled:
iptables -A firewalled -j DROP
#---- BLOCKING BAD GUYS (example)
iptables -A INPUT -s 66.77.88.99 -j firewalled
iptables -A INPUT -s 80.80.0.0/16 -j firewalled
#---- END SCRIPT
