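#!/bin/sh
# Host firewall for the filter table: default-deny on INPUT, OUTPUT and
# FORWARD, with explicit allowances for established traffic, loopback, SSH on
# a non-standard port and ICMP, plus rate limiters on FORWARD.
#
# Must run as root (iptables needs CAP_NET_ADMIN). It is typically run from
# the very SSH session it protects, so the order below matters: the
# RELATED,ESTABLISHED and loopback rules are installed *before* the default
# policies flip to DROP, so the current session never loses packets, even if
# a later command fails and set -e stops the script half-way.
#
# Environment:
#   SSH_PORT    TCP port the local sshd listens on (default 2222)
#   LIMIT_RATE  token-bucket rate for the FORWARD limiters (default 1/second)

set -eu

SSH_PORT=${SSH_PORT:-2222}
LIMIT_RATE=${LIMIT_RATE:-1/second}

if [ "$(id -u)" -ne 0 ]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Flush every rule and delete user-defined chains in the filter table.
iptables -t filter -F
iptables -t filter -X

# Keep already-established connections (including this SSH session) alive.
# Placed before the DROP policies so there is no window in which the session
# running this script is cut off.
iptables -t filter -A INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow loopback.
iptables -t filter -A INPUT  -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT

# Default-deny everything not explicitly accepted by the rules below.
iptables -t filter -P INPUT   DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT  DROP

# SSH. The INPUT rule admits new connections to the local sshd; the OUTPUT
# rule admits new *outbound* SSH client connections to port $SSH_PORT (replies
# to inbound sessions are already covered by the ESTABLISHED rule above, so
# drop this line if outbound SSH is not wanted).
iptables -t filter -A INPUT  -p tcp --dport "$SSH_PORT" -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport "$SSH_PORT" -j ACCEPT

# ICMP (ping) in both directions.
iptables -t filter -A INPUT  -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT

# Flood limiter on forwarded traffic: accept at most $LIMIT_RATE new TCP SYNs,
# UDP packets and ICMP echo requests; anything above the rate falls through to
# the FORWARD DROP policy.
iptables -t filter -A FORWARD -p tcp --syn -m limit --limit "$LIMIT_RATE" -j ACCEPT
iptables -t filter -A FORWARD -p udp -m limit --limit "$LIMIT_RATE" -j ACCEPT
iptables -t filter -A FORWARD -p icmp --icmp-type echo-request -m limit --limit "$LIMIT_RATE" -j ACCEPT

# Port-scan limiter: bare RST segments are forwarded at most $LIMIT_RATE; the
# excess hits the FORWARD DROP policy.
# NOTE(review): FORWARD has no RELATED,ESTABLISHED rule, so only the first
# rate-limited packet of a forwarded flow is accepted and the rest are dropped
# by the policy — confirm whether forwarding is meant to work at all.
iptables -t filter -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit "$LIMIT_RATE" -j ACCEPT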