
Default IP table rules for cPanel server

If the server runs Linux, you can load these default iptables rules to open a set of commonly used ports and block everything else.

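# Generated by iptables-save v1.2.11
# raw table: evaluated before connection tracking. No rules are defined, so
# every packet is tracked; the ":CHAIN POLICY [packets:bytes]" lines only
# declare the built-in chains. Chain declarations are written in the canonical
# ":NAME" form (the source page had a stray space after the colon).
*raw
:PREROUTING ACCEPT [29:2132]
:OUTPUT ACCEPT [20:2224]
COMMIT
# Completed on Fri Feb 10 12:34:10 2006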
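# Generated by iptables-save v1.2.11 on Fri Feb 10 12:34:10 2006
# nat table: no address translation is performed on this host, so only the
# built-in chains are declared (all with an ACCEPT policy). Chain
# declarations use the canonical ":NAME" form with no space after the colon.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Feb 10 12:34:10 2006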
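# Generated by iptables-save v1.2.11 on Fri Feb 10 12:34:10 2006
# mangle table: drops TCP segments carrying flag combinations that never
# occur in a legitimate connection, before they reach the filter table.
# Long option names are spelled with "--" (the source page had them mangled
# into an en dash, which iptables-restore does not accept).
*mangle
:PREROUTING ACCEPT [29:2132]
:INPUT ACCEPT [29:2132]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [20:2224]
:POSTROUTING ACCEPT [20:2224]
# FIN+PSH+URG with SYN/RST/ACK clear: not a valid state in any handshake
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
# no flags set at all
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# SYN and RST set together
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
# SYN and FIN set together
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
COMMIT
# Completed on Fri Feb 10 12:34:10 2006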
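# Generated by iptables-save v1.2.11 on Fri Feb 10 12:34:10 2006
# filter table for a cPanel host. Every INPUT and OUTPUT packet that no
# earlier rule accepts ends in LOG_DROP, so both chains behave as
# default-deny even though their built-in policy is ACCEPT.
# NOTE(review): with an ACCEPT policy the host is fully open if the rules
# are flushed or a restore aborts part-way; once this set is known to load
# cleanly, a DROP policy on INPUT/FORWARD is the safer default. FORWARD has
# no rules at all - set it to DROP if this host does not route.
# Long option names use "--" and log prefixes use plain ASCII quotes (the
# source page had these mangled into en dashes and curly quotes, which
# iptables-restore does not load). Lines starting with "#" are ignored.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LOG_ACCEPT - [0:0]
:LOG_DROP - [0:0]
:icmp_packets - [0:0]
#
# ---- INPUT ---------------------------------------------------------------
# Loopback first: match on the interface instead of "-s 127.0.0.1" so that a
# packet arriving on a real interface with a forged 127.0.0.1 source is not
# accepted by this rule.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened (conntrack).
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# FTP data (20) and control (21)
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# SSH with per-source rate limiting through the "recent" module. Order
# matters: the original placed the "--set ... -j ACCEPT" rule first, so every
# NEW connection was accepted before the hitcount rules could see it and the
# brute-force log/drop rules never fired. Now each NEW connection is recorded
# (no target, so evaluation continues), the 5th NEW connection from the same
# source within 60 s is logged and dropped, and anything under that
# threshold is accepted.
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH --rsource -j LOG --log-prefix "SSH_Brute_Force"
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# SMTP (25) and the alternate SMTP port 26; these are the only inbound
# accepts that are written to the log.
-A INPUT -p tcp -m tcp --dport 25 -j LOG_ACCEPT
-A INPUT -p tcp -m tcp --dport 26 -j LOG_ACCEPT
# whois
-A INPUT -p tcp -m tcp --dport 43 -j ACCEPT
# DNS over UDP only. TCP 53 is not opened, so responses that fall back to
# TCP (and zone transfers) will fail if this host serves zones.
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
# HTTP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# POP3 (110), IMAP (143)
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
# HTTPS, SMTPS
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
# rsync daemon. NOTE(review): rsyncd has no transport authentication by
# default; add "-s <trusted-cidr>" here if it is actually used.
-A INPUT -p tcp -m tcp --dport 873 -j ACCEPT
# 888 - purpose not stated on the page; confirm something listens here
# before leaving it exposed.
-A INPUT -p tcp -m tcp --dport 888 -j ACCEPT
# IMAPS (993), POP3S (995)
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
# cPanel (2082 plain / 2083 TLS), WHM (2086 / 2087), webmail (2095 / 2096)
-A INPUT -p tcp -m tcp --dport 2082 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2083 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2086 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2087 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2095 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2096 -j ACCEPT
# MySQL (3306) and PostgreSQL (5432) are opened to every source address.
# NOTE(review): unless remote database clients are required, restrict these
# with "-s <trusted-cidr>" or remove them and rely on loopback access.
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
# 3333 - not identified on the page; verify before keeping it open.
-A INPUT -p tcp -m tcp --dport 3333 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
# 6277 (DCC) - the anti-spam checksum service normally speaks UDP, so
# confirm this TCP rule is actually needed.
-A INPUT -p tcp -m tcp --dport 6277 -j ACCEPT
# 6666 and 7786 - not identified on the page; verify before keeping open.
-A INPUT -p tcp -m tcp --dport 6666 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7786 -j ACCEPT
# alternate HTTP / HTTPS ports
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
# 24441 (Pyzor) - like DCC, normally UDP; confirm the TCP rule is needed.
-A INPUT -p tcp -m tcp --dport 24441 -j ACCEPT
# The original also had "-A INPUT -p udp -m udp --sport 6277 -j ACCEPT",
# which admits any UDP datagram whose *source* port is 6277 regardless of
# destination - a trivially forged match that exposes every UDP listener.
# Replies to this host's own DCC queries are already covered by the
# RELATED,ESTABLISHED rule above, so the rule is dropped.
# ICMP: only the types whitelisted in icmp_packets are accepted. The
# original followed the jump with an unconditional "-p icmp -j ACCEPT" that
# made the whitelist and the echo-request rate limit meaningless; unlisted
# types now fall through to LOG_DROP.
-A INPUT -p icmp -j icmp_packets
-A INPUT -j LOG_DROP
#
# ---- OUTPUT --------------------------------------------------------------
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# echo (7), FTP (20/21), SSH (22), telnet (23). NOTE(review): echo, telnet,
# time (37) and ident (113) below are legacy protocols; remove whichever this
# host does not actually use.
-A OUTPUT -p tcp -m tcp --dport 7 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 23 -j ACCEPT
# Outbound SMTP only for the mail system, mailman and root. Every other
# local user (for example a compromised web application) is refused, which
# keeps the host from being used as a spam source.
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
# time (37), whois (43), DNS (UDP 53), HTTP (80)
-A OUTPUT -p tcp -m tcp --dport 37 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
# POP3 (110), ident (113), NTP (123; NTP is UDP, the TCP rule is unused)
-A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 123 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
# IMAP (143), HTTPS (443)
-A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
# SMTPS (465). NOTE(review): this is allowed for every local user, so any
# process can sidestep the port-25 owner restriction by relaying through an
# external SMTPS server; apply the same owner matches here if that matters.
-A OUTPUT -p tcp -m tcp --dport 465 -j ACCEPT
# rsync (873), 888 (unidentified), IMAPS (993), POP3S (995)
-A OUTPUT -p tcp -m tcp --dport 873 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 888 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 995 -j ACCEPT
# WHM (2087), 2089 (presumably cPanel license verification - confirm),
# 2703 (Razor anti-spam)
-A OUTPUT -p tcp -m tcp --dport 2087 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2089 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2703 -j ACCEPT
# remote MySQL (3306) / PostgreSQL (5432)
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 5432 -j ACCEPT
# DCC (6277, TCP and UDP) and Pyzor (24441)
-A OUTPUT -p tcp -m tcp --dport 6277 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 6277 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 24441 -j ACCEPT
# Outbound ICMP goes through the same whitelist as inbound.
-A OUTPUT -p icmp -j icmp_packets
-A OUTPUT -j LOG_DROP
#
# ---- helper chains -------------------------------------------------------
# LOG_ACCEPT logs and accepts (used for inbound SMTP only).
-A LOG_ACCEPT -j LOG --log-prefix "[IPTABLES ACCEPT] : " --log-tcp-options --log-ip-options
-A LOG_ACCEPT -j ACCEPT
# LOG_DROP receives everything unmatched, so its LOG rule is rate-limited to
# keep a flood of unsolicited packets from filling the log; the DROP is
# unconditional.
-A LOG_DROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "[IPTABLES DROP] : " --log-tcp-options --log-ip-options
-A LOG_DROP -j DROP
# icmp_packets whitelist: echo-reply (0), destination-unreachable (3),
# echo-request (8, rate-limited so probes cannot swamp the host), time-
# exceeded (11) and traceroute (30). The "limit" bucket belongs to the rule,
# so INPUT and OUTPUT echo-requests share it. Unlisted types return to the
# calling chain and end in LOG_DROP.
-A icmp_packets -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 8 -m limit --limit 10/min --limit-burst 15 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 30 -j ACCEPT
COMMIT
# Completed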
