  1. #!/bin/sh
  2.  
  3. # Efface les règles précédentes
  4. iptables -t filter -F
  5. iptables -t filter -X
  6.  
  7. # Bloque tout le trafic
  8. iptables -t filter -P INPUT DROP
  9. iptables -t filter -P FORWARD DROP
  10. iptables -t filter -P OUTPUT DROP
  11.  
  12. # Ne ferme pas les connexions déjà établies
  13. iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  14. iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  15.  
  16. # Autorise le loopback
  17. iptables -t filter -A INPUT -i lo -j ACCEPT
  18. iptables -t filter -A OUTPUT -o lo -j ACCEPT
  19.  
  20. # Autorise le SSH
  21. iptables -t filter -A INPUT -p tcp --dport 2222 -j ACCEPT
  22. iptables -t filter -A OUTPUT -p tcp --dport 2222 -j ACCEPT
  23.  
  24. # Autorise l'ICMP (Ping)
  25. iptables -t filter -A INPUT -p icmp -j ACCEPT
  26. iptables -t filter -A OUTPUT -p icmp -j ACCEPT
  27.  
  28. # Limitateur surcharge
  29. iptables -A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
  30. iptables -A FORWARD -p udp -m limit --limit 1/second -j ACCEPT
  31. iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
  32.  
  33. # Limitateur scan de ports
  34. iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT