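# IPv4 firewall ruleset in iptables-save format; load it with iptables-restore.
# iptables-restore flushes each table named below before applying it (unless
# run with -n/--noflush), so no explicit flush commands are needed.
# IPv6 is not covered by this file: ip6tables needs its own ruleset.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# source-NAT traffic from the OpenVPN client subnet that leaves via eth0
-A POSTROUTING -o eth0 -s 10.100.10.0/24 -j MASQUERADE
COMMIT
*filter
# default-deny for inbound and forwarded traffic; outbound is unrestricted
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# 20120331 Roey Katz
# accept inbound traffic from localhost
-A INPUT -i lo -j ACCEPT
# accept inbound traffic from established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# drop TCP packets that did not match the rule above and are not a plain
# connection request (SYN set; RST, ACK and FIN clear)
-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK,FIN SYN -j DROP
# allow SSH (open to any source address; add -s <admin-network> to narrow it)
-A INPUT -p tcp --dport 22 -j ACCEPT
# allow sending out on IRC
# (redundant while the OUTPUT policy is ACCEPT; kept to record intent)
-A OUTPUT -p tcp -m multiport --dports 54000:54019 -j ACCEPT
# Allow Yahoo Chat
# -A INPUT -p tcp --dport 5050 -j ACCEPT
# Allow OpenVPN
# (presumably the server listens on only one of these protocols; the other
# rule can be removed once that is confirmed)
-A INPUT -p tcp --dport 1194 -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
# temporary workaround for places that don't let me SSH into my box:
## -A INPUT -p tcp --dport 443 -j ACCEPT
# Forward OpenVPN client traffic. With policy DROP and no FORWARD rules,
# client packets are discarded before they reach the MASQUERADE rule in *nat.
# Clients are matched by subnet because the VPN interface name is not given
# in this file; add -i <vpn-interface> to the second rule once it is known.
# "! -i eth0" rejects packets that claim a VPN source address but arrive on
# the external interface. The kernel also needs net.ipv4.ip_forward=1.
-A FORWARD -d 10.100.10.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD ! -i eth0 -s 10.100.10.0/24 -o eth0 -j ACCEPT
# enable natting for the openvpn server
# (superseded by the POSTROUTING rule in the *nat section above; iptables-restore
# does not accept -t inside a table block, so this line must stay commented out)
#-A POSTROUTING -t nat -s 10.100.10.0/24 -o eth0 -j MASQUERADE
COMMIT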