Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- #
- # Author: jzverina@m-atelier.cz
- # Date: 17.9.2007
- # Usage:
- # TRUSTED_HOSTS=":22 :80 10.0.0.80:8080 12.12.12.12"
- # BLACKLIST="61.221.112.46:22 64.151.69.88:22"
- TRUSTED_HOSTS=":22 :80 10.0.0.80:8080 12.12.12.12"
- BLACKLIST="61.221.112.46:22 64.151.69.88:22"
- DEBUG=0
- i=/sbin/iptables
- $i -P INPUT DROP
- $i -P FORWARD DROP
- $i -F
- $i -X
- $i -A INPUT -p icmp -j ACCEPT
- for hostString in `echo $BLACKLIST`
- do
- host=`echo "$hostString:"|cut -d: -f 1`
- port=`echo "$hostString:"|cut -d: -f 2`
- if [ -n "$port" ]
- then
- if [ -n "$host" ]
- then
- $i -A INPUT -p tcp --dport $port -s $host -j DROP
- else
- $i -A INPUT -p tcp --dport $port -j DROP
- fi
- else
- $i -A INPUT -s $host -j DROP
- fi
- done
- for hostString in `echo $TRUSTED_HOSTS`
- do
- host=`echo "$hostString:"|cut -d: -f 1`
- port=`echo "$hostString:"|cut -d: -f 2`
- if [ -n "$port" ]
- then
- if [ -n "$host" ]
- then
- $i -A INPUT -p tcp --dport $port -s $host -j ACCEPT
- else
- $i -A INPUT -p tcp --dport $port -j ACCEPT
- fi
- else
- $i -A INPUT -s $host -j ACCEPT
- fi
- done
- $i -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- [ $DEBUG -eq 1 ] && $i -A FORWARD -p all -j LOG --log-level debug --log-ip-options --log-prefix "FORWARD REJECTED packet"
- [ $DEBUG -eq 1 ] && $i -A INPUT -p all -j LOG --log-level debug --log-ip-options --log-prefix "INPUT REJECTED packet"
- [ $DEBUG -eq 1 ] && $i -A OUTPUT -p all -j LOG --log-level debug --log-ip-options --log-prefix "OUTPUT REJECTED packet"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
