Cpanel için iptables komutları.

/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp ! –syn -j REJECT –reject-with tcp-reset
/sbin/iptables -A INPUT -m state –state INVALID -j DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -A OUTPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp ! –syn -j REJECT –reject-with tcp-reset
/sbin/iptables -A OUTPUT -m state –state INVALID -j DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state –state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp ! –syn -j REJECT –reject-with tcp-reset
/sbin/iptables -A FORWARD -m state –state INVALID -j DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT

##Acceptable IP
/sbin/iptables -A INPUT -s x.x.x.xx -j ACCEPT #YOUR TRUSTED IP’s

##General Web/File Services
/sbin/iptables -A INPUT -p tcp –dport 80 -j ACCEPT #HTTP
/sbin/iptables -A INPUT -p tcp –dport 443 -j ACCEPT #HTTPS
/sbin/iptables -A INPUT -p tcp –dport 21 -j ACCEPT #FTP
/sbin/iptables -A INPUT -p tcp –dport 22 -j ACCEPT #SSH
/sbin/iptables -A INPUT -p tcp –dport 5666 -j ACCEPT #NRPE

##Email Services
/sbin/iptables -A INPUT -p tcp –dport 25 -j ACCEPT #SMTP
/sbin/iptables -A INPUT -p tcp –dport 110 -j ACCEPT #POP3
/sbin/iptables -A INPUT -p tcp –dport 143 -j ACCEPT #IMAP
/sbin/iptables -A INPUT -p tcp –dport 465 -j ACCEPT #SMTPs
/sbin/iptables -A INPUT -p tcp –dport 993 -j ACCEPT #IMAPs
/sbin/iptables -A INPUT -p tcp –dport 995 -j ACCEPT #POP3s

##cPanel Services
/sbin/iptables -A INPUT -p tcp –dport 2083 -j ACCEPT #cPanel
/sbin/iptables -A INPUT -p tcp –dport 2087 -j ACCEPT #WHM
/sbin/iptables -A INPUT -p tcp –dport 2096 -j ACCEPT #Webmail

##Allow Ping
/sbin/iptables -A INPUT -p icmp –icmp-type 8/0 -j ACCEPT

##Final Blocks
/sbin/iptables -A INPUT -j DROP
/sbin/iptables -A OUTPUT -j ACCEPT
/sbin/iptables -A FORWARD -j DROP