Default iptables rules for a cPanel server

If the server is a Linux server, you can load this default iptables ruleset to open some commonly used ports and restrict the rest.
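# Generated by iptables-save v1.2.11
# Ruleset for a cPanel host, in iptables-restore format (load with `iptables-restore < file`).
# Encoding fixes relative to the published version: option prefixes are ASCII "--"
# (not en dashes), chain lines are ":NAME" with no space, custom-chain policy is "-",
# and --log-prefix strings use ASCII double quotes; the dumped file would not restore otherwise.
*raw
:PREROUTING ACCEPT [29:2132]
:OUTPUT ACCEPT [20:2224]
COMMIT
# Completed on Fri Feb 10 12:34:10 2006
# Generated by iptables-save v1.2.11 on Fri Feb 10 12:34:10 2006
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Feb 10 12:34:10 2006
# Generated by iptables-save v1.2.11 on Fri Feb 10 12:34:10 2006
*mangle
:PREROUTING ACCEPT [29:2132]
:INPUT ACCEPT [29:2132]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [20:2224]
:POSTROUTING ACCEPT [20:2224]
# Drop TCP segments with flag combinations that never occur in legitimate traffic
# (scan / fingerprint probes) before they reach the filter table.
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
COMMIT
# Completed on Fri Feb 10 12:34:10 2006
# Generated by iptables-save v1.2.11 on Fri Feb 10 12:34:10 2006
*filter
# NOTE: the built-in policies stay ACCEPT; it is the explicit "-j LOG_DROP" at the end of
# INPUT and OUTPUT that closes each chain. An `iptables -F` therefore leaves the host fully open.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LOG_ACCEPT - [0:0]
:LOG_DROP - [0:0]
:icmp_packets - [0:0]
# Loopback: match on the interface rather than "-s 127.0.0.1", so local traffic addressed to
# the host's own public IP is also admitted and a spoofed 127.0.0.1 source on an external
# interface is not.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# FTP (active data / control).
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# SSH with a per-source rate limit. The --set / --update rules must come BEFORE the ACCEPT:
# in the published order the "--set ... -j ACCEPT" rule accepted every NEW connection and the
# two --hitcount rules below it were never reached, so the throttle never fired.
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH --rsource -j LOG --log-prefix "SSH_Brute_Force"
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# SMTP on 25 and the cPanel alternate SMTP port; both are logged on accept.
-A INPUT -p tcp -m tcp --dport 25 -j LOG_ACCEPT
-A INPUT -p tcp -m tcp --dport 26 -j LOG_ACCEPT
-A INPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 873 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 888 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
# cPanel (2082/2083), WHM (2086/2087) and Webmail (2095/2096).
-A INPUT -p tcp -m tcp --dport 2082 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2083 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2086 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2087 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2095 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2096 -j ACCEPT
# NOTE(review): 3306 (MySQL) and 5432 (PostgreSQL) are open to every source here. Unless
# remote database clients are genuinely required, restrict these with "-s <trusted-net>"
# or drop the rules so the databases are reachable only over loopback.
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3333 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6277 -j ACCEPT
# NOTE(review): 3333, 6666, 7786, 8080, 8443 and 24441 are not documented on this page;
# confirm which service each one belongs to before exposing it.
-A INPUT -p tcp -m tcp --dport 6666 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7786 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 24441 -j ACCEPT
# Removed: "-A INPUT -p udp -m udp --sport 6277 -j ACCEPT". Matching on the remote SOURCE port
# lets any sender reach every UDP service simply by sending from port 6277; replies to the
# outbound 6277 traffic allowed in OUTPUT are already admitted by the RELATED,ESTABLISHED rule.
# ICMP: only the types listed in icmp_packets are accepted (echo-request is rate limited).
# The published ruleset had an unconditional "-p icmp -j ACCEPT" after this jump, which
# accepted whatever fell out of icmp_packets and made the limit meaningless; it now falls
# through to LOG_DROP like everything else.
-A INPUT -p icmp -j icmp_packets
-A INPUT -j LOG_DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 7 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 23 -j ACCEPT
# Outbound SMTP is limited to the mail system, mailman and root; anything else (e.g. a
# compromised web application trying to send spam) is rejected.
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --dport 37 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 123 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 873 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 888 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2087 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2089 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2703 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 5432 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 6277 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 6277 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 24441 -j ACCEPT
-A OUTPUT -p icmp -j icmp_packets
-A OUTPUT -j LOG_DROP
# Logging wrappers: log the packet (with TCP/IP options) and then apply the verdict.
-A LOG_ACCEPT -j LOG --log-prefix "[IPTABLES ACCEPT] : " --log-tcp-options --log-ip-options
-A LOG_ACCEPT -j ACCEPT
-A LOG_DROP -j LOG --log-prefix "[IPTABLES DROP] : " --log-tcp-options --log-ip-options
-A LOG_DROP -j DROP
# ICMP whitelist: echo-reply (0), destination-unreachable (3), echo-request (8, rate limited),
# time-exceeded (11) and traceroute (30). Any other type returns to the caller unmatched.
-A icmp_packets -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 8 -m limit --limit 10/min --limit-burst 15 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 30 -j ACCEPT
COMMIT
# Completed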
