CentOS and RHEL iptables setting

Drop (block) Settings

Block incoming port connection
iptables -A INPUT -p tcp --destination-port 80 -j DROP

Block incoming port connection using network interface x
iptables -A INPUT -i eth1 -p tcp --destination-port 80 -j DROP

Block incoming port connection except for IP x (1.2.3.4); the "!" goes before -s in current iptables
iptables -A INPUT -p tcp -i eth1 ! -s 1.2.3.4 --dport 80 -j DROP

Block incoming port connection except for these IPs (a negated comma-separated list expands to one "! -s" rule per address and ends up dropping everyone, so accept the list first and drop the rest)
iptables -A INPUT -p tcp -i eth1 -s 1.2.3.4,2.3.4.5,3.4.5.6 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 80 -j DROP

Block null packets (no TCP flags set)
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Block syn-flood packets (drops packets that claim to open a new connection without the SYN flag)
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Block XMAS packets (all TCP flags set)
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Flush all firewall rules
iptables -F

Accept Settings

Open port for port x (eg: HTTP & HTTPS)
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Allow return traffic for outgoing connections (established/related packets)
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow outgoing connection and block incoming (after setting other rules)
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP

Block DoS attack (rate-limit port 80: accept up to 25 packets/minute after a burst of 100, then drop the excess; the DROP is needed unless the INPUT policy is already DROP)
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
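The individual rules above only work as a firewall when they are loaded in the right order: loopback and established traffic first, then the per-service accepts, then the restrictive INPUT policy last so an administrator is not locked out halfway through. The script below is an added example and not part of the original page; it assembles the page's rules into one function. The interface name eth1 and the addresses 1.2.3.4,2.3.4.5 are constructed sample values, and IPTABLES defaults to a dry-run printer so the resulting rule list can be inspected without root before setting IPTABLES=iptables to apply it.

```shell
#!/bin/sh
# Added example (not from the original page): load the cheat-sheet rules in a safe order.
# Dry-run by default: each command is printed instead of executed. Run as
#   IPTABLES=iptables IFACE=eth1 ADMIN_IPS=1.2.3.4 sh firewall.sh   to apply for real.
IPTABLES="${IPTABLES:-echo iptables}"        # "echo iptables" = print only
IFACE="${IFACE:-eth1}"                        # assumed management interface
ADMIN_IPS="${ADMIN_IPS:-1.2.3.4,2.3.4.5}"     # constructed sample admin addresses

# Run (or print) one iptables invocation.
rule() { $IPTABLES "$@"; }

firewall_rules() {
  rule -F                                                   # flush existing rules
  rule -P INPUT ACCEPT                                      # keep policy open while loading
  rule -A INPUT -i lo -j ACCEPT                             # local traffic
  rule -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT   # replies to our own connections
  rule -A INPUT -p tcp --tcp-flags ALL NONE -j DROP         # null packets
  rule -A INPUT -p tcp --tcp-flags ALL ALL -j DROP          # XMAS packets
  rule -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # new connection without SYN
  rule -A INPUT -p tcp -i "$IFACE" -s "$ADMIN_IPS" --dport 22 -j ACCEPT   # SSH from admin IPs only
  rule -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT  # rate-limited HTTP
  rule -A INPUT -p tcp --dport 443 -j ACCEPT                # HTTPS
  rule -P OUTPUT ACCEPT                                     # outgoing allowed
  rule -P INPUT DROP                                        # everything else dropped (set last)
}

# Number of commands the ruleset issues (meaningful in dry-run mode).
count_rules() { firewall_rules | grep -c '^iptables '; }

# Last command issued; the restrictive policy must come at the end.
last_rule() { firewall_rules | tail -n 1; }

firewall_rules
```

Because SSH is restricted to the listed addresses and the INPUT policy is set only after every accept rule is in place, running the script over an SSH session from one of those addresses does not cut the session off; the ESTABLISHED,RELATED rule keeps it alive.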