  1. #!/bin/sh
  2. #
  3. # iptables example configuration script
  4. #
  5. # Flush all current rules from iptables
  6. #
  7. iptables -F
  8. iptables -t nat -F
  9. iptables -t mangle -F
  10.  
  11. #
  12. # Allow SSH connections on tcp port 22 (or whatever port you want to use)
  13. #
  14. iptables -A INPUT -p tcp --dport 2111 -j ACCEPT
  15.  
  16. #
  17. # Set default policies for INPUT, FORWARD and OUTPUT chains
  18. #
  19. iptables -P INPUT DROP #using DROP for INPUT is not always recommended. Change to ACCEPT if you prefer.
  20. iptables -P FORWARD ACCEPT
  21. iptables -P OUTPUT ACCEPT
  22.  
  23. #
  24. # Set access for localhost
  25. #
  26. iptables -A INPUT -i lo -j ACCEPT
  27.  
  28. #
  29. # Accept packets belonging to established and related connections
  30. #
  31. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  32.  
  33. #
  34. #Accept connections on 1194 for vpn access from clients
  35. #Take note that the rule says "UDP", and ensure that your OpenVPN server.conf says UDP too
  36. #
  37. iptables -A INPUT -p udp --dport 1194 -j ACCEPT
  38.  
  39. #
  40. #Apply forwarding for OpenVPN Tunneling
  41. #
  42. iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  43. iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
  44. iptables -A FORWARD -s 10.8.1.0/24 -j ACCEPT
  45. iptables -A FORWARD -j REJECT
  46.  
  47. #FOR ASSIGNING DIFFERENT PUBLIC IPS TO OPENVPN USERS
  48. iptables -t nat -A POSTROUTING -s 10.8.0.1/24 -j SNAT --to-source VPNPUBLICIPHERE
  49. iptables -t nat -A POSTROUTING -s 10.8.1.1/24 -j SNAT --to-source SECONDARYVPNPUBLICIP
  50.  
  51. #
  52. # Some generally optional rules. Enable and disable these as per your requirements
  53. #
  54.  
  55. # Accept traffic with the ACK flag set
  56. iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
  57. # Accept responses to DNS queries
  58. iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
  59. # Accept responses to our pings
  60. iptables -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
  61. # Accept notifications of unreachable hosts
  62. iptables -A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
  63. # Accept notifications to reduce sending speed
  64. iptables -A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
  65. # Accept notifications of lost packets
  66. iptables -A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
  67. # Accept notifications of protocol problems
  68. iptables -A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
  69. # Respond to pings
  70. iptables -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
  71. # Accept traceroutes
  72. iptables -A INPUT -p udp -m udp --dport 33434:33523 -j ACCEPT
  73.  
  74. #
  75. # List rules
  76. #
  77. iptables -L -v
  78. service openvpn restart
  79. service iptables save