Configuration
_$: cd /etc
/etc/iptables.up.rules:
-----------------------
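# IPv4 filter table in iptables-restore format: default-deny for inbound and
# forwarded traffic, unrestricted outbound.
# NOTE(review): this file only affects IPv4. If the host has IPv6 connectivity,
# ports 22/80/443 are governed by the ip6tables ruleset, which is not shown
# here -- confirm an equivalent policy is loaded for IPv6.
*filter
# Policies are declared once, in the chain headers (the form iptables-save
# emits), instead of declaring ACCEPT here and overriding it with -P lines.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Packets belonging to, or related to, connections that are already tracked.
# "-m state" is the older spelling; current iptables documents
# "-m conntrack --ctstate" for the same match.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Every ICMP type is accepted from any source. Narrow with --icmp-type if only
# echo-request and error messages are needed.
-A INPUT -p icmp -j ACCEPT
# Loopback traffic.
-A INPUT -i lo -j ACCEPT
# New SSH, HTTP and HTTPS connections are accepted only from the two
# allow-listed source addresses. XXX.YYY is redaction in this listing and must
# be replaced with real octets before the file can be loaded.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --src 88.26.XXX.YYY,88.2.XXX.YYY -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 --src 88.26.XXX.YYY,88.2.XXX.YYY -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 --src 88.26.XXX.YYY,88.2.XXX.YYY -j ACCEPT
# Explicit catch-all. Same outcome as the DROP policy, but the rule keeps its
# own packet counters, which is useful when checking how much is being refused.
-A INPUT -j DROP
COMMIT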
/etc/iptables.default.rules:
----------------------------
# Permissive IPv4 filter table: all three built-in chains have policy ACCEPT
# and there are no rules. Loading this file with iptables-restore replaces the
# filter table, so all packet filtering is removed.
# NOTE(review): presumably kept as a "firewall off" fallback -- the visible
# page does not show where it is loaded. Confirm it is never applied
# automatically on an exposed interface.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
_$: cd /etc/network/if-pre-up.d
/etc/network/if-pre-up.d/iptables:
----------------------------------
#!/bin/bash
# Pre-up hook: loads the IPv4 ruleset before the interface is brought up, so
# the interface is not reachable while unfiltered.
# The script's exit status is that of iptables-restore (or of the failed
# redirection if the rules file cannot be opened).
# NOTE(review): the rules file is read with the privileges of whatever runs
# this hook (normally root via ifup) -- keep it root-owned and not writable by
# other users.
rules_file=/etc/iptables.up.rules
/sbin/iptables-restore < "$rules_file"
_$: chmod +x /etc/network/if-pre-up.d/iptables
_$: cd /root
_$: mkdir -p /root/cron