> выше писалось об исходящих запросах к DNS

Для VPN-сервера
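# Firewall for the PPTP VPN server: default-deny on every chain, then
# explicitly admit SSH, ICMP, the PPTP control channel (tcp/1723) plus the
# GRE tunnel, and outbound DNS. The uplink interface is a variable so the
# same ruleset works on hosts whose uplink is not eth0.
set -eu
WAN_IF=${WAN_IF:-eth0}

# Loopback must always pass: with DROP policies and no lo rule, local
# services (stub resolver, anything talking to 127.0.0.1) silently break.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Stateful rules first. Replies to every connection accepted below, and
# RELATED traffic such as ICMP errors, pass here without a per-port --sport
# rule; stateless --sport rules would also let any local process that binds
# that source port send arbitrary traffic out.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Management access. NOTE(review): SSH is open to any source on the uplink;
# add -s <admin-network> if the administrator addresses are known.
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j ACCEPT

# PPTP: control channel on tcp/1723 and the GRE tunnel that carries PPP.
# The original ruleset had no OUTPUT rule for either protocol, so the
# server's own replies were dropped by the OUTPUT DROP policy; the
# ESTABLISHED/RELATED rule above now covers them.
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p gre -j ACCEPT

# ICMP in both directions (ping, path-MTU discovery, unreachables).
iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
iptables -A OUTPUT -o "$WAN_IF" -p icmp -j ACCEPT

# DNS: outbound queries only; answers return through the ESTABLISHED rule.
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

# Policies last: setting DROP before the ACCEPT rules exist can cut off the
# very SSH session that is applying this script, and with set -e a failing
# rule now stops the script before the host is locked down.
# FORWARD stays DROP, so VPN clients can reach this host but nothing behind
# it; add FORWARD rules for the ppp interfaces if clients must be routed on.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP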
Для Веб-сервера
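# Firewall for the web server: default-deny on every chain, then admit SSH,
# HTTP, ICMP and outbound DNS. The uplink interface is a variable so the
# same ruleset works on hosts whose uplink is not eth0.
set -eu
WAN_IF=${WAN_IF:-eth0}

# Loopback must always pass: with DROP policies and no lo rule, local
# services (stub resolver, app-to-database over 127.0.0.1) silently break.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Stateful rules first. Replies to every connection accepted below, and
# RELATED traffic such as ICMP errors, pass here without a per-port --sport
# rule; stateless --sport rules would also let any local process that binds
# that source port send arbitrary traffic out.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Management access. NOTE(review): SSH is open to any source on the uplink;
# add -s <admin-network> if the administrator addresses are known.
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j ACCEPT

# Web service. Only plain HTTP is admitted here; add a matching rule for
# tcp/443 if the site is also served over TLS.
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j ACCEPT

# ICMP in both directions (ping, path-MTU discovery, unreachables).
iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
iptables -A OUTPUT -o "$WAN_IF" -p icmp -j ACCEPT

# DNS: outbound queries only; answers return through the ESTABLISHED rule.
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

# Policies last: setting DROP before the ACCEPT rules exist can cut off the
# very SSH session that is applying this script, and with set -e a failing
# rule now stops the script before the host is locked down.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP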
Для прокси
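# Firewall for the proxy host: default-deny on every chain, then admit SSH,
# ICMP and outbound DNS. The uplink interface is a variable so the same
# ruleset works on hosts whose uplink is not eth0.
#
# TODO(review): nothing here admits client connections to the proxy's
# listen port, nor outbound HTTP/HTTPS for fetching on clients' behalf;
# until those rules are added this host cannot proxy anything. The port is
# not given on this page, so it is not invented here.
set -eu
WAN_IF=${WAN_IF:-eth0}

# Loopback must always pass: with DROP policies and no lo rule, local
# services (stub resolver, anything talking to 127.0.0.1) silently break.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Stateful rules first. Replies to every connection accepted below, and
# RELATED traffic such as ICMP errors, pass here without a per-port --sport
# rule; stateless --sport rules would also let any local process that binds
# that source port send arbitrary traffic out.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Management access. NOTE(review): SSH is open to any source on the uplink;
# add -s <admin-network> if the administrator addresses are known.
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j ACCEPT

# ICMP in both directions (ping, path-MTU discovery, unreachables).
iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
iptables -A OUTPUT -o "$WAN_IF" -p icmp -j ACCEPT

# DNS: outbound queries only; answers return through the ESTABLISHED rule.
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

# Policies last: setting DROP before the ACCEPT rules exist can cut off the
# very SSH session that is applying this script, and with set -e a failing
# rule now stops the script before the host is locked down.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP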