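#!/bin/bash
#
# IPv4 host firewall: default-deny inbound, with explicit allowances for the
# services listed below. Must be run as root.
#
# NOTE(review): only iptables (IPv4) is configured. If IPv6 is enabled on the
# host, none of these restrictions apply to IPv6 traffic; confirm and mirror
# the policy with ip6tables if needed.

# Abort on the first failing command or unset variable. Because the INPUT
# policy is switched to DROP before any ACCEPT rule is added, an abort leaves
# the host fail-closed rather than half-open. Apply from a console or with a
# rollback plan when working remotely.
set -eu

readonly IPTABLES='/sbin/iptables'

# Start from empty filter and nat tables (rules, then user-defined chains).
"$IPTABLES" -F
"$IPTABLES" -X
"$IPTABLES" -t nat -F
"$IPTABLES" -t nat -X

# Default policies: inbound is deny-by-default, outbound is unrestricted.
"$IPTABLES" -P INPUT DROP
# NOTE(review): FORWARD is left at ACCEPT as in the original. It only matters
# once IP forwarding is enabled (see the commented-out section at the end);
# at that point the host would route anything, so restrict FORWARD first.
"$IPTABLES" -P FORWARD ACCEPT
"$IPTABLES" -P OUTPUT ACCEPT

# Accept lo ( loopback interface )
"$IPTABLES" -A INPUT -i lo -j ACCEPT
"$IPTABLES" -A OUTPUT -o lo -j ACCEPT

# Replies to connections this host already has, plus related ICMP errors.
# This rule must come before the ICMP REJECT below: the original appended it
# last, so the blanket ICMP REJECT also discarded echo replies to the host's
# own pings and the ICMP errors (e.g. fragmentation-needed) that established
# TCP sessions rely on for path-MTU discovery.
"$IPTABLES" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# ICMP REJECT ( ping, etc ): unsolicited ICMP only, given the rule above.
"$IPTABLES" -A INPUT -p icmp -j REJECT

# HTTP
# The original also accepted udp/80; HTTP on port 80 is TCP-only, so that rule
# only widened the exposed surface and has been dropped.
"$IPTABLES" -A INPUT -p tcp --dport 80 -j ACCEPT

# E-mail ( pop3, smtp, spop3 )
"$IPTABLES" -A INPUT -p tcp -m multiport --dports 25,110,995 -j ACCEPT

# OpenVPN
"$IPTABLES" -A INPUT -m state --state NEW -p tcp --dport 1194 -j ACCEPT
"$IPTABLES" -A INPUT -m state --state NEW -p udp --dport 1194 -j ACCEPT

# DNS
# NOTE(review): inbound 53 is only needed if this host serves DNS to others;
# if it is merely a client, these two rules can go (replies are covered by
# the RELATED,ESTABLISHED rule).
"$IPTABLES" -A INPUT -p tcp --dport 53 -j ACCEPT
"$IPTABLES" -A INPUT -p udp --dport 53 -j ACCEPT

# INETD ( tcp/113 is the ident/auth port )
"$IPTABLES" -A INPUT -p tcp --dport 113 -j ACCEPT

# SSHD
# The original also accepted udp/22; SSH is TCP-only, so that rule has been
# dropped. NOTE(review): SSH is open to every source address; consider
# limiting it with -s to known management networks.
"$IPTABLES" -A INPUT -p tcp --dport 22 -j ACCEPT

### Needed for internet sharing:
# Internet Sharing. Masquerading VPN traffic to eth0 interface
# "$IPTABLES" -t nat -A POSTROUTING -s 10.80.0.0/24 -o eth0 -j MASQUERADE
# Enabling IP-Forwarding
# echo "1" > /proc/sys/net/ipv4/ip_forward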