Mine
Wednesday, January 30th, 2008 at 12:07:36am UTC 

Removing all iptables rules:  [End of flush]
Iptables rules creation: iptables v1.3.6: Couldn't load target `FOWARD':/lib/iptables/libipt_FOWARD.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.6: Couldn't load target `FOWARD':/lib/iptables/libipt_FOWARD.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
 [End iptables rules setting]
[email protected]:~$ cat /etc/firewall.bash
#!/bin/bash

# No spoofing: enable reverse-path filtering on every interface
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
then
    for filtre in /proc/sys/net/ipv4/conf/*/rp_filter
    do
        echo 1 > "$filtre"
    done
fi

# No icmp: ignore echo requests (ping) and broadcast pings
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Enable IP forwarding (needed so the OpenVPN clients can reach eth0 through NAT)
echo 1 > /proc/sys/net/ipv4/ip_forward

# Load some modules you may need
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe iptable_filter
modprobe iptable_nat
modprobe ip_conntrack_irc
modprobe ip_conntrack_ftp

# Remove all rules and chains
iptables -F
iptables -X

# First set the default behaviour => accept connections
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Create 2 chains; it allows a clean script
iptables -N FIREWALL
iptables -N TRUSTED

# Allow ESTABLISHED and RELATED incoming connections
iptables -A FIREWALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow loopback traffic
iptables -A FIREWALL -i lo -j ACCEPT
# Send all packets to the TRUSTED chain
iptables -A FIREWALL -j TRUSTED
# DROP all other packets
iptables -A FIREWALL -j DROP

# openvpn: accept traffic arriving on the tunnel devices and forward it.
# Interface names are case-sensitive, so the TAP devices are "tap+", not "TAP+".
# "FOWARD" is not an iptables target (that is the "Couldn't load target" error
# above); these FORWARD rules are meant to ACCEPT the forwarded packets.
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

# Allow https, the web ports 8080/8081 and ssh
iptables -A TRUSTED -i eth0 -p udp -m udp --dport 443 -j ACCEPT
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 8081 -j ACCEPT

# ftp
iptables -A TRUSTED -i eth0 -p udp -m udp --dport 21 -j ACCEPT
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT

# vpn
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 1194 -j ACCEPT

# Allow IRC IDENT & DCC
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 6667 -j ACCEPT
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 113 -j ACCEPT

# Allow bittorrent
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 6881:6889 -j ACCEPT

# Allow samba
iptables -A INPUT -p udp -m udp --dport 137 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 138 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

# Send all remaining INPUT packets to the FIREWALL chain. This must come after
# the openvpn and samba INPUT rules: FIREWALL ends in DROP and never returns,
# so any rule appended to INPUT after this jump would never be reached.
iptables -A INPUT -j FIREWALL

# End message
echo " [End iptables rules setting]"
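The error at the top of the paste is worth catching before the script runs: bash does not stop on a failed command, and by the time the bad `-j FOWARD` line fails the script has already flushed the previous rules and set every policy to ACCEPT, so a single typo leaves the host with a half-applied firewall. The following POSIX sh linter is an added example, not part of the paste or of any distribution's tooling. It scans a firewall script for `-j` targets that are neither built-in targets nor user chains declared with `-N` in the same file, and reports each unknown target with the line it first appears on. It assumes `awk`, `sort`, `sed` and `mktemp` are available; the sample script it checks is constructed here and only reuses the `FOWARD` typo from the paste.

```shell
#!/bin/sh
# Lint an iptables script for "-j" targets that are neither built-in targets
# nor user chains declared with "iptables -N" in the same file. Prints one
# "TARGET:line" per unknown target (first occurrence only), sorted.
lint_targets() {
    awk '
        BEGIN {
            # Built-in targets, plus the built-in chains one may also jump to.
            n = split("ACCEPT DROP REJECT RETURN LOG MASQUERADE SNAT DNAT REDIRECT INPUT OUTPUT FORWARD PREROUTING POSTROUTING", b)
            for (i = 1; i <= n; i++) known[b[i]] = 1
        }
        /^[ \t]*#/ { next }                       # comment line, skip it
        /iptables/ {
            for (i = 1; i < NF; i++) {
                # "-N name" declares a user chain; "-j name" uses a target.
                if ($i == "-N") known[$(i + 1)] = 1
                if ($i == "-j" && !($(i + 1) in seen)) seen[$(i + 1)] = NR
            }
        }
        END {
            for (t in seen) if (!(t in known)) printf "%s:%d\n", t, seen[t]
        }
    ' "$1" | sort
}

# Constructed sample (not the pasted script): a cut-down firewall script that
# carries the same "FOWARD" typo, here on its sixth line.
SAMPLE=$(mktemp)
CLEAN=$(mktemp)
trap 'rm -f "$SAMPLE" "$CLEAN"' EXIT
cat > "$SAMPLE" <<'EOF'
#!/bin/bash
iptables -F
iptables -N FIREWALL
iptables -A FIREWALL -i lo -j ACCEPT
iptables -A INPUT -j FIREWALL
iptables -A FORWARD -i tun+ -j FOWARD
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
EOF
# The same script with the typo corrected to ACCEPT: no findings expected.
sed 's/-j FOWARD/-j ACCEPT/' "$SAMPLE" > "$CLEAN"

# Usage: refuse to apply the script (and so never flush the live rules) when
# any target cannot be resolved from the file itself.
findings=$(lint_targets "$SAMPLE")
if [ -n "$findings" ]; then
    printf 'unknown jump targets (TARGET:line):\n%s\n' "$findings"
fi
```

Run this against `/etc/firewall.bash` before invoking it; the check is purely textual, so it also works on a host where iptables is not installed, and it flags the `FOWARD` line without touching any kernel state. It does not know about targets provided by extra extension modules, so a site that uses such targets adds them to the built-in list.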
