  1. echo 1 > /proc/sys/net/ipv4/ip_forward
  2.  
  3. # Flush tables
  4. iptables -F
  5. iptables -t nat -F
  6.  
  7. # Set policies
  8. iptables -P INPUT DROP
  9. iptables -P OUTPUT DROP
  10. iptables -P FORWARD DROP
  11.  
  12. # NAT
  13. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  14. iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
  15.  
  16. # Allow INPUT for existing connections
  17. iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  18.  
  19. # Allow HTTP from internal network?
  20. iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j ACCEPT
  21. iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 443 -j ACCEPT
  22.  
  23. # Outbound rules for DNS (d'oh)
  24. iptables -A OUTPUT -o eth0 -p tcp --dport 53 -j ACCEPT
  25. iptables -A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
  26.  
  27. # Access to device services from inside only
  28. iptables -A INPUT -i eth1 -d 172.16.0.1 -j ACCEPT
  29. iptables -A OUTPUT -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT