API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 30th, 2014
594
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.27 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/sh
  2.  
  3. IPT="/sbin/iptables"
  4.  
  5. $IPT -F
  6. $IPT -X
  7. $IPT -Z
  8.  
  9. $IPT -P INPUT ACCEPT
  10. $IPT -P OUTPUT ACCEPT
  11. $IPT -P FORWARD DROP
  12. $IPT -F INPUT
  13. $IPT -F OUTPUT
  14. $IPT -F FORWARD
  15.  
  16.  
  17. # l2top
  18. L2TOP=91.121.37.31
  19.  
  20. #SITE
  21. $IPT -A INPUT -p tcp -i eth0 --dport 80 -m connlimit --connlimit-above 3 -j DROP
  22. $IPT -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
  23.  
  24. # Stat
  25. WEBCMS=127.0.0.1
  26.  
  27. $IPT -A INPUT -s 127.0.0.1/255.0.0.0 ! -i lo -j DROP
  28. $IPT -A INPUT -i lo -j ACCEPT
  29.  
  30. $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
  31. $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  32.  
  33. #Panel
  34. iptables -I INPUT -p tcp -i eth0 -s 109.254.0.0/16 --dport 10000 -j ACCEPT
  35.  
  36. ###L2top
  37. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s $L2TOP --dport 2106 -j ACCEPT
  38. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s $L2TOP --dport 7777 -j ACCEPT
  39. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s $L2TOP --dport 2107 -j ACCEPT
  40. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s $L2TOP --dport 8888 -j ACCEPT
  41.  
  42. ###Stat
  43. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s $WEBCMS --dport 2106 -j ACCEPT
  44. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s $WEBCMS --dport 7777 -j ACCEPT
  45. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s $WEBCMS --dport 2107 -j ACCEPT
  46. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s $WEBCMS --dport 8888 -j ACCEPT
  47.  
  48.  
  49. ###MySQL
  50. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s 127.0.0.1 --dport 3306 -j ACCEPT
  51. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s 109.254.0.0/16 --dport 3306 -j ACCEPT
  52. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s 176.31.1.176 --dport 3306 -j ACCEPT
  53. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s 178.158.130.55 --dport 3306 -j ACCEPT
  54.  
  55. ###SSH
  56. ###$IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 -s 109.254.0.0/16 --dport 22 -j ACCEPT
  57. $IPT -A INPUT -m conntrack --ctstate NEW -p tcp -i eth0 --dport 15914 -j ACCEPT
  58.  
  59. ###Users
  60. $IPT -A INPUT -p tcp -i eth0 --dport 2106 -m connlimit --connlimit-above 3 -j DROP
  61. $IPT -A INPUT -p tcp -i eth0 --dport 2106 -j ACCEPT
  62. $IPT -A INPUT -p tcp -i eth0 --dport 7777 -m connlimit --connlimit-above 3 -j DROP
  63. $IPT -A INPUT -p tcp -i eth0 --dport 7777 -j ACCEPT
  64.  
  65. $IPT -A INPUT -j DROP
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!