#!/bin/bash
# iptables firewall for common LAMP servers.
#
# This file should be located at /etc/firewall.bash, and is meant to work with
# Jeff Geerling's firewall init script.
#
# Common port reference:
#   22: SSH
#   25: SMTP
#   80: HTTP
#   123: NTP
#   443: HTTPS
#   2222: SSH alternate
#   4949: Munin
#   6082: Varnish admin
#   8080: HTTP alternate (often used with Tomcat)
#   8983: Tomcat HTTP
#   8443: Tomcat HTTPS
#   9000: SonarQube
#
# @author Jeff Geerling

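# No spoofing: turn on the kernel's reverse-path source validation (rp_filter=1)
# for every IPv4 interface, when the sysctl is exposed under /proc.
if [[ -e /proc/sys/net/ipv4/conf/all/rp_filter ]]; then
  for filter in /proc/sys/net/ipv4/conf/*/rp_filter; do
    # Quote the path and use printf so the write can never be word-split,
    # globbed or mangled by echo's option handling.
    printf '1\n' > "$filter"
  done
fi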

# Completely reset the firewall: default-accept policies, then flush every
# table and delete user-defined chains so the rules below start from a blank slate.
for chain in INPUT FORWARD OUTPUT; do
  iptables -P "$chain" ACCEPT
done
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

# Accept traffic from loopback interface (localhost).
iptables -A INPUT -i lo -j ACCEPT

# Forwarded ports.

# Open ports: inbound TCP services, in the order listed.
for port in 80 443; do
  iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
done

# Accept icmp ping requests.
iptables -A INPUT -p icmp -j ACCEPT

# Allow NTP traffic for time synchronization.
iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
# NOTE(review): this accepts any inbound UDP whose *source* port is 123, a value
# the remote sender chooses, so it is not limited to genuine NTP replies. On
# kernels with UDP conntrack the ESTABLISHED,RELATED rule below presumably
# already admits replies to our own NTP queries; confirm and consider dropping this.
iptables -A INPUT -p udp --sport 123 -j ACCEPT

# Additional custom rules. No protocol or port is given, so each source host
# below is accepted for all traffic and bypasses the port filtering above.
for src in 89.212.103.56 128.199.49.88 142.93.228.197 188.166.96.115; do
  iptables -A INPUT -s "$src" -j ACCEPT
done

# Allow established connections:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log EVERYTHING (ONLY for Debug).
# iptables -A INPUT -j LOG

# Log other incoming requests (all of which are dropped) at 15/minute max.
iptables -A INPUT -m limit --limit 15/minute -j LOG --log-level 7 --log-prefix "Dropped by firewall: "

# Drop all other traffic.
iptables -A INPUT -j DROP

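# Configure IPv6 if ip6tables is present.
# `command -v` is the portable, builtin replacement for `which`; like the
# original test, an absent binary yields an empty string and `-x` then fails.
if [[ -x "$(command -v ip6tables 2>/dev/null)" ]]; then

  # Remove all rules and chains. Unlike the IPv4 section this does not touch
  # chain policies or the nat/mangle tables.
  ip6tables -F
  ip6tables -X

  # Accept traffic from loopback interface (localhost).
  ip6tables -A INPUT -i lo -j ACCEPT

  # Open ports: inbound TCP services.
  for port in 80 443; do
    ip6tables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
  done

  # Accept icmp ping requests (all ICMPv6 types, which also covers neighbour
  # discovery).
  ip6tables -A INPUT -p icmpv6 -j ACCEPT

  # Allow NTP traffic for time synchronization.
  ip6tables -A OUTPUT -p udp --dport 123 -j ACCEPT
  # NOTE(review): accepts any inbound UDP with a sender-chosen source port of
  # 123, not only NTP replies; the ESTABLISHED,RELATED rule below presumably
  # covers replies to our own queries — confirm before relying on this rule.
  ip6tables -A INPUT -p udp --sport 123 -j ACCEPT

  # Additional custom rules.

  # Allow established connections:
  ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Log EVERYTHING (ONLY for Debug).
  # ip6tables -A INPUT -j LOG

  # Log other incoming requests (all of which are dropped) at 15/minute max.
  ip6tables -A INPUT -m limit --limit 15/minute -j LOG --log-level 7 --log-prefix "Dropped by firewall: "

  # Drop all other traffic.
  ip6tables -A INPUT -j DROP

fi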