- Anonymous
- Monday, March 26th, 2007 at 4:13:01pm UTC
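#!/bin/bash
#
# IPv4 host firewall built with iptables.
#
# Usage: <script> [stop]
#   (no argument)  flush everything, then load the rules below
#   stop           flush everything and leave all policies at ACCEPT
#
# Layout: each restricted service (ssh, ftp, samba) has its own chain holding
# an ACCEPT rule per allowed source, followed by a jump to the shared
# "trusted" chain. NEW connections to the service ports are sent to the
# matching chain from INPUT.
#
# NOTE(review): the three policy lines at the very end are still commented
# out, as in the original. While they stay that way the INPUT policy is
# ACCEPT, so a NEW connection from a source that is in no group walks through
# its service chain, returns to INPUT, matches nothing else and is accepted by
# the policy; the per-group allow-lists restrict nothing. Enable the policy
# lines to enforce them, and do it from a console or from an address listed in
# group_ssh / group_trusted so the change cannot cut off your own session.
# These rules cover IPv4 only; ip6tables needs its own rule set if the host is
# reachable over IPv6.

I=iptables

# Whitespace-separated source addresses / CIDR ranges per group.
group_trusted="192.168.0.0/16"
# Dennis
group_ssh="212.120.89.188"
group_ftp="212.120.89.188"
group_samba="212.120.89.188"

#######################################
# Create a chain and add one ACCEPT rule per allowed source.
# Globals:   I (read)
# Arguments: $1 - chain name
#            $2 - whitespace-separated list of source addresses
# Outputs:   "adding <source> to <chain>" on stdout for every source
#######################################
build_chain() {
  local chain=$1
  local sources=$2
  local src

  "$I" -N "$chain"
  # Word splitting is intentional here: a group may list several sources.
  # shellcheck disable=SC2086
  for src in $sources; do
    "$I" -A "$chain" -s "$src" -j ACCEPT
    printf 'adding %s to %s\n' "$src" "$chain"
  done
}

# Start from a known state: permissive policies first, so that flushing the
# rules cannot lock anyone out, then drop all rules and user-defined chains.
"$I" -P INPUT ACCEPT
"$I" -P OUTPUT ACCEPT
"$I" -P FORWARD ACCEPT
"$I" -F
"$I" -X

# ${1:-} keeps the comparison well-defined when no argument is given.
if [[ "${1:-}" == "stop" ]]; then
  echo "Firewall completely flushed! Now running without firewall!"
  exit 0
fi

# Baseline: loopback is always allowed, packets conntrack marks INVALID are
# dropped, and traffic belonging to known connections is allowed.
"$I" -A INPUT -i lo -j ACCEPT
"$I" -A INPUT -m state --state INVALID -j DROP
"$I" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# The shared chain comes first because every service chain jumps to it.
build_chain trusted "$group_trusted"

build_chain ssh "$group_ssh"
"$I" -A ssh -j trusted

build_chain ftp "$group_ftp"
"$I" -A ftp -j trusted

build_chain samba "$group_samba"
"$I" -A samba -j trusted

##### Enable the rules for every group
# ssh
"$I" -A INPUT -m state --state NEW -p TCP --dport 22 -j ssh
# ftp (control connection only)
"$I" -A INPUT -m state --state NEW -p TCP --dport 21 -j ftp
# samba
"$I" -A INPUT -m state --state NEW -p UDP --dport 137 -j samba
"$I" -A INPUT -m state --state NEW -p UDP --dport 138 -j samba
"$I" -A INPUT -m state --state NEW -p TCP --dport 139 -j samba
"$I" -A INPUT -m state --state NEW -p TCP --dport 445 -j samba

# HTTP is open to every source.
"$I" -A INPUT -p TCP --dport 80 -j ACCEPT
# Port 113 (ident) is rejected rather than dropped, so the remote side gets an
# immediate error instead of waiting for a timeout.
"$I" -A INPUT -p TCP --dport 113 -j REJECT

# Default-deny policies, left disabled exactly as in the original (see the
# NOTE(review) at the top of the file before enabling them).
#$I -PINPUT DROP
#$I -POUTPUT ACCEPT
#$I -PFORWARD DROP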