Advertising
- Mine
- Wednesday, January 30th, 2008 at 12:23:14am UTC
- #!/bin/bash
- # No spoofing
- if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
- then
- for filtre in /proc/sys/net/ipv4/conf/*/rp_filter
- do
- echo 1 > $filtre
- done
- fi
- # No icmp
- echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
- echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
- echo 1 > /proc/sys/net/ipv4/ip_forward
- #load some modules you may need
- modprobe ip_tables
- modprobe ip_nat_ftp
- modprobe ip_nat_irc
- modprobe iptable_filter
- modprobe iptable_nat
- modprobe ip_conntrack_irc
- modprobe ip_conntrack_ftp
- # Remove all rules and chains
- iptables -F
- iptables -X
- # first set the default behaviour => accept connections
- iptables -P INPUT ACCEPT
- iptables -P OUTPUT ACCEPT
- iptables -P FORWARD ACCEPT
- # Create 2 chains, it allows to write a clean script
- iptables -N FIREWALL
- iptables -N TRUSTED
- # Allow ESTABLISHED and RELATED incoming connection
- iptables -A FIREWALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
- # Allow loopback traffic
- iptables -A FIREWALL -i lo -j ACCEPT
- # Send all package to the TRUSTED chain
- iptables -A FIREWALL -j TRUSTED
- # DROP all other packets
- iptables -A FIREWALL -j DROP
- # Send all INPUT packets to the FIREWALL chain
- iptables -A INPUT -j FIREWALL
- #openvpn
- iptables -A INPUT -i tun+ -j ACCEPT
- iptables -A INPUT -i TAP+ -j ACCEPT
- iptables -A FORWARD -i TAP+ -j FORWARD
- iptables -A FORWARD -i tun+ -j FORWARD
- iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
- iptables -A INPUT -i tun+ -j ACCEPT
- # Allow https
- iptables -A TRUSTED -i eth0 -p udp -m udp --dport 443 -j ACCEPT
- iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
- iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
- iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
- iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 8081 -j ACCEPT
- #ftp
- iptables -A TRUSTED -i eth0 -p udp -m udp --dport 21 -j ACCEPT
- iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
- #vpn
- iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 1194 -j ACCEPT
- # Allow IRC IDENT & DCC
- iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 6667 -j ACCEPT
- iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 113 -j ACCEPT
- # Allow bittorrent
- iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 6881:6889 -j ACCEPT
- #allow samba
- iptables -A INPUT -p udp -m udp --dport 137 -j ACCEPT
- iptables -A INPUT -p udp -m udp --dport 138 -j ACCEPT
- iptables -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
- # End message
- echo " [End iptables rules setting]"
advertising
Update the Post
Either update this post and resubmit it with changes, or make a new post.
You may also comment on this post.
Please note that information posted here will not expire by default. If you do not want it to expire, please set the expiry time above. If it is set to expire, web search engines will not be allowed to index it prior to it expiring. Items that are not marked to expire will be indexable by search engines. Be careful with your passwords. All illegal activities will be reported and any information will be handed over to the authorities, so be good.