# vim: set ft=iptables :
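# IPv4 packet filter for this host: default-deny on every chain, with an
# explicit whitelist below. This file only programs iptables; if IPv6 is
# enabled on the box an equivalent ip6tables policy is needed as well, or
# the same services are reachable unfiltered over v6 — TODO confirm.
#
# Reset: flush every chain first, then delete the (now empty) user-defined
# chains. The previous order (-X before -F) fails on non-empty user chains.
-F
-X
# Default policies: drop everything not explicitly accepted. The trailing
# "-j DROP" rules at the end repeat this explicitly.
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
# Loopback is unrestricted. A packet addressed to 127/8 that did not arrive
# on lo is spoofed and is rejected before anything else is considered.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Stateful core: replies to a connection already accepted in either
# direction are allowed. The OUTPUT rule replaces the former stateless
# "--sport http,https / --sport ssh / --sport http-alt" reply rules.
# The former "INPUT --sports http,https ACCEPT" rule is dropped on purpose:
# it admitted any unsolicited TCP packet whose *source* port was 80 or 443
# to every local port (e.g. SSH from a non-whitelisted address, simply by
# choosing source port 80), and legitimate replies were already covered by
# the ESTABLISHED match.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DNS: outbound queries. UDP only, so DNS over TCP (truncated answers,
# zone transfers) is not allowed from this host.
-A OUTPUT -p udp --dport domain -j ACCEPT
# Web: serve HTTP/HTTPS to anyone; allow outbound HTTP/HTTPS clients.
-A INPUT -p tcp -m multiport --dports http,https -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports http,https -j ACCEPT
# Local http-alt (8080) backend on 127.0.0.1. Traffic to 127.0.0.1 is
# routed over lo and so is already accepted by the "-o lo" rule above;
# kept for explicitness.
-A OUTPUT -p tcp --destination 127.0.0.1 --dport http-alt -j ACCEPT
# SSH: inbound only from the listed admin hosts; outbound to the two LAN
# hosts on port 22 and to the remote host on its alternate port 2202.
-A INPUT -p tcp --dport ssh --source 192.168.1.51,192.168.1.52,78.193.238.123 -j ACCEPT
-A OUTPUT -p tcp --dport ssh --destination 192.168.1.51,192.168.1.52 -j ACCEPT
-A OUTPUT -p tcp --dport 2202 --destination 78.193.238.123 -j ACCEPT
# Mail client: outbound SMTPS and IMAPS. Replies come back through the
# INPUT ESTABLISHED rule, so no separate "--sports" reply rule is needed.
-A OUTPUT -m state --state NEW,ESTABLISHED -p tcp -m multiport --dports ssmtp,imaps -j ACCEPT
# NTP: outbound time sync (replies via ESTABLISHED).
-A OUTPUT -m state --state NEW,ESTABLISHED -p udp --dport ntp -j ACCEPT
# Host 80.67.160.80: all TCP ports, both directions.
# NOTE(review): the INPUT rule accepts *unsolicited* TCP from this address
# on every local port, not just replies. If only replies to the OUTPUT rule
# are intended, the ESTABLISHED rule already covers them and the INPUT line
# can be removed; if the host genuinely needs to initiate connections here,
# restrict it to the required --dport — confirm which.
-A OUTPUT -p tcp --destination 80.67.160.80 -j ACCEPT
-A INPUT -p tcp --source 80.67.160.80 -j ACCEPT
# SMB/CIFS client access to the file server at 192.168.1.254.
-A OUTPUT -p tcp --destination 192.168.1.254 -m multiport --dports microsoft-ds,netbios-ssn -j ACCEPT
# SNMP polling of 192.168.1.54 (-p udp already loads the udp match).
-A OUTPUT -p udp --destination 192.168.1.54 --dport snmp -j ACCEPT
# Explicit final drops, identical to the chain policies. A rate-limited
# "-m limit -j LOG" rule in front of each is the usual place to add
# visibility into what is being dropped.
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -j DROP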