2

I own a VPS running Debian and i want to avoid security breaches from "outside" (via Internet).

I want to guarantee these rules:

  • Allow all outbound traffic;
  • Allow HTTPS connections from IP 1, 2, 3;
  • Allow SSH connections from IP 4.

So, anything else should be blocked. Are iptables enough?

Christopher
  • 143
  • 4

1 Answers1

3

Yes, iptables will do the job.

  • Set default policy for OUTPUT to accept: iptables -P OUTOUT ACCEPT.
  • Allow all IPs by repeating same rule but changing source IP like: iptables -A INPUT -s ip1 -p tcp --dport 443 -j ACCEPT.
  • Allow SSH port 22: iptables -A INPUT -s ip4 -p tcp --dport 22 -j ACCEPT.

You need to deny other traffic for INPUT chain or set default policy to DROP.

Don't forget to allow RELATED and ESTABLISHED traffic.

Khaled
  • 36,533
  • 8
  • 72
  • 99
  • 1
    Note: this doesn't create a private network. It permits you to secure connections over a public network, which is not the same thing. – Mike Scott Jul 25 '15 at 20:11