Block All Traffic to Your New Remote Server


I block all traffic to a new server while I set up users and the environment, using Netfilter (AKA iptables). Nothing else gets in or out of the box but me. This actually requires two scripts: one to close the machine to every IP but mine, and one to "unblock" it. You need to unblock while installing other software (e.g. a LAMP stack) once all the real basics are in place.

Block all but my IP with this bash script.

Be sure you have set BASH as the default shell!

sudo vi blockallbutme.sh


#!/bin/bash
# Run as root. IP addresses:
SERVER_IP="10.10.10.10"
# REMOTE = your PC
REMOTE_IP="192.192.192.192"

# Flush all rules and delete any user-defined chains
iptables -F
iptables -X

# Set the default filter policy: drop everything not explicitly allowed
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow SSH only from REMOTE_IP
iptables -A INPUT -p tcp -s "$REMOTE_IP" -d "$SERVER_IP" --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s "$SERVER_IP" -d "$REMOTE_IP" --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT

# Log denied inbound packets (rate limited). This rule must come before the
# final DROP below; appended after it, it would never be reached.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Make sure nothing else comes into or goes out of this box
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP

If you run this script and lock yourself out, a reboot should resolve that: the rules are loaded only into the running kernel and are not saved, so they are gone after a restart.

Unblock – open up the machine to all outside traffic with this bash script (do not enter these lines one at a time from the command line, or you will lock yourself out of the server).

sudo vi openallips.sh

#!/bin/bash
# Run as root. Reset the default policies to ACCEPT first, then clear the
# rules, so there is never a moment with a DROP policy and no allow rules.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X
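A safer way to apply the two scripts above, as an added example that is not the original post's code: the same policy written in iptables-save format and loaded in one shot with iptables-restore (so there is no half-applied state to lock you out), plus a timed rollback to the previous rules that you cancel from a fresh SSH session once you know you can still get in. The rollback window, the /run/iptables.rollback backup path, and the use of -m conntrack in place of -m state are my assumptions.

```shell
#!/bin/bash
# Added example, not the original post's script: same "block all but me"
# policy, loaded atomically with iptables-restore and armed with a rollback
# timer that reloads the old rules if the SSH session is lost. Run as root.
set -eu
SERVER_IP="${SERVER_IP:-10.10.10.10}"        # the new server
REMOTE_IP="${REMOTE_IP:-192.192.192.192}"    # your PC
ROLLBACK_MINUTES="${ROLLBACK_MINUTES:-10}"   # assumed safety window
BACKUP="${BACKUP:-/run/iptables.rollback}"   # assumed backup path

# Ruleset in iptables-save format. The LOG rule must precede the final DROP.
build_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p tcp -s $REMOTE_IP -d $SERVER_IP --sport 513:65535 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s $SERVER_IP -d $REMOTE_IP --sport 22 --dport 513:65535 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A OUTPUT -j DROP
COMMIT
EOF
}
# Line number of the first rule matching a pattern; checks ordering offline.
rule_line() {
  build_ruleset | grep -n -- "$1" | head -n1 | cut -d: -f1
}
# Back up live rules, syntax-check and load the new set atomically, then
# arm a timer that restores the backup unless confirm_ruleset is run.
apply_ruleset() {
  iptables-save > "$BACKUP"
  build_ruleset | iptables-restore --test
  build_ruleset | iptables-restore
  ( sleep "$((ROLLBACK_MINUTES * 60))" && iptables-restore < "$BACKUP" ) &
  echo $! > "$BACKUP.pid"
  echo "Applied; rollback in $ROLLBACK_MINUTES min unless confirmed."
}
# Run from a fresh SSH session once you know you can still get in.
confirm_ruleset() {
  kill "$(cat "$BACKUP.pid")" && rm -f "$BACKUP.pid"
}
# usage: <script> apply | confirm
case "${1:-}" in
  apply) apply_ruleset ;;
  confirm) confirm_ruleset ;;
esac
```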
