API tools faq
paste
Advertisement
Guest User

iptables

a guest
Jun 8th, 2015
659
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.11 KB | None | 0 0
raw download clone embed print report
  1. # ======================================================================================
  2. # DEFAULT RULES
  3. # ======================================================================================
  4.    
  5.   iptables -X
  6.   iptables -X -t nat
  7.   iptables -X -t mangle
  8.  
  9.   iptables -F
  10.   iptables -F -t nat
  11.   iptables -F -t mangle
  12.  
  13.   iptables -P INPUT DROP
  14.   iptables -P OUTPUT ACCEPT
  15.   iptables -P FORWARD DROP
  16.  
  17. # ======================================================================================
  18. # INPUT RULES
  19. # ======================================================================================
  20.    
  21.   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  22.    
  23.   # Loop Back
  24.   iptables -A INPUT -i lo -j ACCEPT
  25.  
  26.   # ICMP proto (type 8)
  27.   iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
  28.   iptables -A INPUT -i tun+ -p icmp --icmp-type echo-request -j ACCEPT
  29.  
  30.   # SMTP
  31.   iptables -A INPUT -i eth0 -p TCP -m multiport --dport 25,465,587 -j ACCEPT
  32.   iptables -A INPUT -i tun+ -p TCP -m multiport --dport 25,465,587 -j ACCEPT
  33.  
  34.   # IMAP
  35.   iptables -A INPUT -i eth0 -s 22.22.22.22  -p TCP -m multiport --dport 143,993 -j ACCEPT
  36.   iptables -A INPUT -i tun+ -s 10.20.30.0/24 -p TCP -m multiport --dport 143,993 -j ACCEPT
  37.  
  38.   # POP3
  39.   iptables -A INPUT -i eth0 -s 22.22.22.22  -p TCP -m multiport --dport 110,995 -j ACCEPT
  40.   iptables -A INPUT -i tun+ -s 10.20.30.0/24 -p TCP -m multiport --dport 110,995 -j ACCEPT
  41.  
  42.   # MySQL
  43.   iptables -A INPUT -i eth0 -s 22.22.22.22  -p TCP --dport 3306 -j ACCEPT
  44.  
  45.   # HTTP
  46.   iptables -A INPUT -i eth0 -s 22.22.22.22 -p TCP -m multiport --dport 80,443 -j ACCEPT
  47.  
  48.   # OVPN
  49.   iptables -A INPUT -i eth0 -p TCP --dport 1010 -j ACCEPT
  50.  
  51. # ======================================================================================
  52. # FORWARD RULES
  53. # ======================================================================================
  54.  
  55.   iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  56.  
  57.   iptables -A FORWARD -i tun+ -s 10.20.30.0/24 -o eth0 -j ACCEPT
  58.   iptables -t nat -A POSTROUTING -s 10.20.30.0/24 -o eth0 -j SNAT --to-source 11.11.11.11
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!