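#!/bin/bash
# NAT router / firewall rule set for a two-interface host:
#   LAN_IF - inside network (trusted; port 80 is transparently sent to Squid)
#   WAN_IF - outside network (untrusted; LAN traffic is masqueraded behind it)
# Must run as root. The final rule set is written to RULES_FILE so it can be
# restored at boot with iptables-restore.
#
# NOTE(review): the pasted version masqueraded out eth0, while every other
# rule in it - the ESTABLISHED,RELATED input rule, the FORWARD rule, the LAN
# access block and the proxy redirect - treats eth1 as WAN and eth0 as LAN
# (the commented-out NAT lines agreed with that too). The variables below
# follow the majority; confirm the assignment before deploying.
set -euo pipefail

readonly LAN_IF=eth0
readonly WAN_IF=eth1
readonly PROXY_PORT=3128
readonly RULES_FILE=/etc/iptables.rules

# Everything below needs CAP_NET_ADMIN; fail early with a clear message
# instead of a string of iptables permission errors.
[[ $EUID -eq 0 ]] || { printf '%s\n' "must be run as root" >&2; exit 1; }

echo "Cleaning rules"
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

echo "Loading modules for NAT and conntrack"
# ip_conntrack is the legacy module name; newer kernels call it nf_conntrack
# and autoload it from the "-m state" match, so a missing module is not fatal
# here (the || true is deliberate).
modprobe nf_conntrack 2>/dev/null || modprobe ip_conntrack 2>/dev/null || true
#modprobe ip_conntrack_ftp (xp)

echo "Enabling IPv4 forwarding"
# MASQUERADE only rewrites packets the kernel is already willing to route;
# without this the NAT section has no effect.
sysctl -q -w net.ipv4.ip_forward=1

echo "Setting default filter policy"
# The original never set a FORWARD policy, leaving the kernel default (ACCEPT)
# so any packet could cross between the two interfaces; drop unless a rule
# below explicitly allows it. Only IPv4 is covered here - ip6tables keeps its
# own defaults, so IPv6 on these interfaces is not filtered by this script.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

echo "Configuring loopback access"
# The original also added "FORWARD -o lo"; nothing is ever forwarded to the
# loopback device, so that rule was a no-op and is omitted.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

echo "Configuring UDP, DNS, Passive FTP"
# Replies to connections this host itself opened towards the WAN.
iptables -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

echo "Configuring externally visible ports"
# Pending

echo "Configuring NAT"
iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
# LAN hosts may open connections to the WAN; only replies to those are
# forwarded back in. New connections from the WAN towards the LAN hit the
# FORWARD DROP policy.
iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT

echo "Configuring LAN access"
# The LAN side is fully trusted: everything arriving on it is accepted. The
# ICMP echo-request rule is kept from the original but is already covered by
# the blanket accept above it.
iptables -A INPUT -i "$LAN_IF" -j ACCEPT
iptables -A OUTPUT -o "$LAN_IF" -j ACCEPT
iptables -A INPUT -i "$LAN_IF" -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

echo "Configuring Squid transparent proxy"
iptables -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-port "$PROXY_PORT"

echo "Set default behaviour to drop everything else"
# Redundant with the INPUT policy, but makes the intent visible in -L output.
iptables -A INPUT -j DROP

iptables-save >"$RULES_FILE"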