X-Git-Url: https://plomlompom.com/repos/berlin_corona.txt?a=blobdiff_plain;ds=sidebyside;f=all_new_2018%2Flinkable_etc_files%2Fweb%2Fetc%2Fiptables%2Frules.v4;fp=all_new_2018%2Flinkable_etc_files%2Fweb%2Fetc%2Fiptables%2Frules.v4;h=9b714c6f4eba9a6f02d9db2f592e007379f59341;hb=500ec90dee8ba3b3eec0bbd6804bd23c874238c1;hp=0000000000000000000000000000000000000000;hpb=f516b485b15409f3550c25e5c92723d8a24c2e8a;p=config
diff --git a/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 b/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4
new file mode 100644
index 0000000..9b714c6
--- /dev/null
+++ b/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4
@@ -0,0 +1,18 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+# otherwise self-referential connections to local host will fail
+-A INPUT -i lo -j ACCEPT
+# tolerate any inbound connections requested by our server, no matter the port
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+# this enables ping etc.
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# HTTP
+-A INPUT -p tcp --dport 80 -j ACCEPT
+# HTTPS
+-A INPUT -p tcp --dport 443 -j ACCEPT
+COMMIT
+# this last line is here because iptables-restore ignores the final command if no newline follows it
\ No newline at end of file
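Review bot: The SSH rule `-A INPUT -p tcp --dport 22 -j ACCEPT` admits new connections from any source with no rate limit, so sshd's own authentication settings are the only control on port 22; if administration comes from known addresses, a source match such as `-A INPUT -p tcp -s <ADMIN_CIDR placeholder> --dport 22 -j ACCEPT` would narrow it, and otherwise a per-source limit on new connections is worth adding. The `-p icmp -j ACCEPT` rule accepts every ICMP type, although the RELATED,ESTABLISHED rule already passes ICMP errors tied to existing flows, so `-A INPUT -p icmp --icmp-type echo-request -j ACCEPT` would be enough for ping. `-m state --state` is the legacy spelling of `-m conntrack --ctstate RELATED,ESTABLISHED`. This file governs IPv4 only and the diff shows no matching rules.v6, so confirm that IPv6 traffic to this host is filtered as well.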