This script generates a simple, yet effective, iptables firewall policy for use on independent hosts (such as web servers, etc.) connected directly to the Internet.
General Options
Allow traffic to/from loopback device
Block outgoing traffic (does not affect established sessions and DNS queries)
Usually, anything arriving or exiting on a loopback interface should be allowed. This is because local applications sometimes bounce data to each other using the TCP/IP stack via loopback.
Accept Inbound Traffic
FTP (21), SSH (22), SMTP (25), HTTP (80), POP3 (110), NTP (123), DHCP (67), DNS (53), Samba (137-139, 445)
By default, all inbound traffic is blocked. Select the services you want the outside world to be able to reach on your host.
Accept Inbound ICMP Messages
Ping (echo-request), Traceroute (Time Exceeded)
ICMP (Internet Control Message Protocol) messages are used to report error conditions and to control connections to your server. If you want your host to be able to respond to ping or traceroute, enable the options above.
Restrict Inbound Client Access
Allowed network
By default, 0.0.0.0/0 allows anyone to reach the enabled services. To allow only private LAN clients, set this value to 10.0.0.0/24 or similar.
0.0.0.0/0
10.0.0.0/24
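The policy the options above describe, written out as an added example (not the generator's own code): a POSIX shell function that prints the iptables commands for a default-deny host firewall with loopback allowed, selected inbound ports and ICMP types restricted to an allowed source network, and an optional outbound block that exempts established sessions and DNS. The parameter names and the fact that rules are printed rather than applied are assumptions made here for illustration.

```shell
#!/bin/sh
# gen_policy ALLOW_NET "TCP_PORTS" "UDP_PORTS" "ICMP_TYPES" BLOCK_OUT
# Prints iptables commands instead of running them, so it needs no root.
# Port ranges use iptables' colon syntax, e.g. 137:139 for Samba NetBIOS.
gen_policy() {
    allow_net="$1"; tcp_ports="$2"; udp_ports="$3"; icmp_types="$4"; block_out="$5"
    # Default deny for inbound; a single host does not forward.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    if [ "$block_out" = "yes" ]; then
        echo "iptables -P OUTPUT DROP"
        # Established sessions and DNS queries are exempt from the outbound block.
        echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
        echo "iptables -A OUTPUT -p udp --dport 53 -j ACCEPT"
        echo "iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT"
    else
        echo "iptables -P OUTPUT ACCEPT"
    fi
    # Loopback: local applications bounce data to each other through the stack.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Replies to connections this host initiated.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only new connections from the allowed network reach the enabled services.
    for p in $tcp_ports; do
        echo "iptables -A INPUT -s $allow_net -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "iptables -A INPUT -s $allow_net -p udp --dport $p -j ACCEPT"
    done
    # echo-request answers ping; time-exceeded lets traceroute work.
    for t in $icmp_types; do
        echo "iptables -A INPUT -s $allow_net -p icmp --icmp-type $t -j ACCEPT"
    done
}

# Usage: the page's default of 0.0.0.0/0 with SSH, HTTP and ping enabled.
gen_policy 0.0.0.0/0 "22 80" "" "echo-request" no
```

Restricting the source to 10.0.0.0/24 and adding `137:139 445` to the TCP list produces the LAN-only Samba variant the text mentions.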