IPtables rules for FTP Server using Debian 8

 

Server: Debian 8 (Jessie)
using vsFTPd

# Generated by iptables-save v1.4.21 on Wed May 17 14:12:10 2017
*filter
:INPUT DROP [6:468]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [154:17682]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -s 203.144.233.48/28 -p tcp -m tcp -j ACCEPT
-A INPUT -s 14.207.106.86/32 -p tcp -m tcp -j ACCEPT
-A INPUT -m iprange --src-range 192.168.103.100-192.168.103.163 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -s 103.23.235.238/32 -p tcp -m tcp -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000:10250 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
COMMIT
# Completed on Wed May 17 14:12:10 2017
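
The following audit script is an added example, not part of the original post. It parses a subset of the INPUT rules above and reports ACCEPT rules that an earlier rule already covers, and rules that accept on the peer's source port alone. The function and constant names are hypothetical, and the parser assumes every option takes exactly one argument with no `!` negation, which holds for this dump.

```python
import shlex

# INPUT rules copied from the dump above (a subset, used as sample input).
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000:10250 -j ACCEPT
"""

NOT_MATCHES = {"-m", "-j"}  # module loads and the target are not match criteria
NARROWING = {"-s", "-i", "--src-range", "--dport", "--state", "--ctstate"}


def parse_rule(line):
    """Return (target, {option: value}) for one '-A CHAIN ...' line.
    Assumes each option has exactly one argument and no '!' negation."""
    tokens = shlex.split(line)[2:]  # drop '-A' and the chain name
    opts = dict(zip(tokens[0::2], tokens[1::2]))
    target = opts.get("-j")
    return target, {k: v for k, v in opts.items() if k not in NOT_MATCHES}


def audit(text):
    """Return a list of (rule_number, finding) for rules worth a second look."""
    findings, seen = [], []
    for n, line in enumerate(text.strip().splitlines(), 1):
        target, match = parse_rule(line)
        if target != "ACCEPT":
            continue
        # An earlier ACCEPT whose criteria are all contained in this rule's
        # criteria already accepts every packet this rule could match.
        for m, earlier in seen:
            if earlier.items() <= match.items():
                findings.append((n, f"shadowed by rule {m}"))
                break
        # The remote peer chooses its source port, so a rule keyed on --sport
        # alone admits that traffic to every local port.
        if "--sport" in match and not NARROWING & match.keys():
            findings.append((n, "accepts on source port only"))
        seen.append((n, match))
    return findings


if __name__ == "__main__":
    for n, finding in audit(RULES):
        print(f"rule {n}: {finding}")
```

The shadowing check is conservative: it compares criteria by exact value, so it does not see that `-m state --state` and `-m conntrack --ctstate` overlap.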

 
