Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- EXTIF=eth0
- INTIF=eth1
- INTIF2=wlan0
- # delete all existing rules
- iptables -F
- iptables -t nat -F
- iptables -t mangle -F
- iptables -X
- # Always accept loopback traffic
- iptables -A INPUT -i lo -j ACCEPT
- # Allow established connections, and those not coming from the outside
- iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- iptables -A INPUT -m state --state NEW -i $INTIF -j ACCEPT
- iptables -A INPUT -m state --state NEW -i $INTIF2 -j ACCEPT
- iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
- iptables -A FORWARD -i $EXTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED -j ACCEPT
- # Allow outgoing connections from the LAN side
- iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
- iptables -A FORWARD -i $INTIF2 -o $EXTIF -j ACCEPT
- # Connect LANs
- iptables -A FORWARD -i $INTIF -o $INTIF2 -j ACCEPT
- iptables -A FORWARD -i $INTIF2 -o $INTIF -j ACCEPT
- # Masquerade
- iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
- # Don't forward from the outside to the inside
- iptables -A FORWARD -i $EXTIF -o $EXTIF -j REJECT
- iptables -A FORWARD -i $EXTIF -o $INTIF -j REJECT # masked for ssh to LAN
- iptables -A FORWARD -i $EXTIF -o $INTIF2 -j REJECT # masked for ssh to LAN
- # MTU
- iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
- echo 1 > /proc/sys/net/ipv4/ip_forward
- for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
