Write a iptables script that blocks everything except ping (icmp) and ssh (port 22), http (80) and https (443).


-m says load a module state which allows access to the connection tracking state of the packets
–state precedes a comma separated list of the connection states to match. In this case it’s NEW.
NEW the packet has started a new connection or a connection that has not seen packets going in both directions
-m tcp load the tcp module (just like we loaded the state module) this module allows us extra functionality with tcp
-p tcp specifies protocol, in my case TCP
–dport 22 feature provided by the -m tcp module, in this case I want the rule to be applicable to port 22 (ssh).
-j ACCEPT means the results of this chain is to accept the packets. (-j specifies the target of the rule if the packet matches the rule. If I said -j DROP we would block all traffic to port 22).

Leave a Reply