
Anonymous
Monday, March 26th, 2007 at 4:13:01pm UTC 

  #!/bin/bash
  #
  # Loads a per-service source allowlist into the iptables filter table.
  #
  # Usage: $0         flush the filter table, then load the rules below
  #        $0 stop    flush the filter table and leave every policy at ACCEPT
  #
  # Layout: one user chain per service (ssh, ftp, samba) holding one ACCEPT
  # rule per allowed source, each ending in a jump to the shared "trusted"
  # chain. INPUT sends NEW connections on the service ports to those chains.
  #
  # NOTE(review): the default-policy lines at the very bottom are commented
  # out, so the INPUT policy stays ACCEPT. A NEW connection to a service port
  # from a source in none of the lists walks its chain and "trusted" without
  # matching, returns to INPUT, matches nothing further and is accepted by the
  # policy. As written, the only traffic this ruleset refuses is INVALID-state
  # packets and TCP 113; the allowlists take effect only once INPUT defaults
  # to DROP (or an explicit final DROP/REJECT rule is appended).

  ipt=iptables

  # Allowed sources per group: whitespace-separated addresses or CIDR ranges.
  group_trusted="192.168.0.0/16"
  # Dennis
  group_ssh="212.120.89.188"
  group_ftp="212.120.89.188"
  group_samba="212.120.89.188"

  # Create user chain $1 and append one "-s <source> -j ACCEPT" rule for each
  # whitespace-separated entry of $2, announcing every entry on stdout.
  fill_chain() {
    local chain=$1 sources=$2 src
    "$ipt" -N "$chain"
    # $sources is deliberately unquoted: the group variables are
    # space-separated lists and rely on word splitting.
    for src in $sources; do
      "$ipt" -A "$chain" -s "$src" -j ACCEPT
      echo "adding $src to $chain"
    done
  }

  # Start from a clean slate: open policies, then drop every rule and every
  # user-defined chain. No -t option is given, so only the filter table is
  # touched; rules in other tables (nat, mangle, ...) are left as they are.
  for builtin in INPUT OUTPUT FORWARD; do
    "$ipt" -P "$builtin" ACCEPT
  done
  "$ipt" -F
  "$ipt" -X

  # "stop" ends here, leaving the host with no filtering at all.
  case "$1" in
    stop)
      echo "Firewall completely flushed! Now running without firewall!"
      exit 0
      ;;
  esac

  # Baseline: loopback is always allowed, packets conntrack marks INVALID are
  # dropped, and replies/related flows of existing connections are accepted.
  "$ipt" -A INPUT -i lo -j ACCEPT
  "$ipt" -A INPUT -m state --state INVALID -j DROP
  "$ipt" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Shared allowlist that every service chain falls through to.
  fill_chain trusted "$group_trusted"

  # Service chains: their own sources first, then the shared trusted list.
  for svc in ssh ftp samba; do
    list_var="group_${svc}"
    fill_chain "$svc" "${!list_var}"
    "$ipt" -A "$svc" -j trusted
  done

  #####  Enable the rules for every group

  # Hand NEW connections on each service port to the matching chain:
  # 22 -> ssh, 21 -> ftp, 137/138 (UDP) and 139/445 (TCP) -> samba.
  for spec in "TCP 22 ssh" "TCP 21 ftp" \
              "UDP 137 samba" "UDP 138 samba" \
              "TCP 139 samba" "TCP 445 samba"; do
    read -r proto port chain <<<"$spec"
    "$ipt" -A INPUT -m state --state NEW -p "$proto" --dport "$port" -j "$chain"
  done

  # Port 80 is open to every source; this rule carries no state match.
  "$ipt" -A INPUT -p TCP --dport 80 -j ACCEPT
  # Port 113 is actively refused (REJECT answers the sender, unlike DROP).
  "$ipt" -A INPUT -p TCP --dport 113 -j REJECT

  # Default policies, left disabled exactly as in the original paste.
  # NOTE(review): without the INPUT DROP line the per-service allowlists above
  # restrict nothing (see the header note). Before enabling it, confirm that
  # the address you administer from is in group_ssh or group_trusted;
  # sessions that are already established keep working through the
  # ESTABLISHED,RELATED rule.
  #"$ipt" -P INPUT DROP
  #"$ipt" -P OUTPUT ACCEPT
  #"$ipt" -P FORWARD DROP
