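#!/usr/bin/env bash
# Minimal NAT gateway firewall: WAN on eth0, LAN on eth1, gateway address
# 172.16.0.1. Interfaces and address can be overridden through the
# environment (WAN_IF, LAN_IF, LAN_GW_IP); the defaults match the original
# rule set. Must run as root. IPv4 only: ip6tables is left untouched, so if
# IPv6 is enabled on these interfaces it is not filtered by this script.
set -euo pipefail

WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_GW_IP=${LAN_GW_IP:-172.16.0.1}
readonly WAN_IF LAN_IF LAN_GW_IP

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "must run as root"
command -v iptables >/dev/null || die "iptables not found in PATH"

printf '1\n' > /proc/sys/net/ipv4/ip_forward

# Flush tables and delete user-defined chains (the original only flushed,
# leaving stale custom chains in place).
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Set policies first so the box fails closed if a later rule errors out
# (set -e). Existing sessions, including an admin session over eth1, stall
# until the RELATED,ESTABLISHED rules below are in place.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Loopback: with a DROP policy and no lo rule, local services (a resolver
# bound to 127.0.0.1, etc.) silently break.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Discard packets conntrack cannot classify before any ACCEPT rule sees them.
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP

# NAT: masquerade everything leaving through the WAN interface, and let
# replies to LAN-initiated connections back in.
iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Allow INPUT for existing connections
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Allow HTTP/HTTPS from the internal network out to the WAN.
for port in 80 443; do
  iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport "$port" -j ACCEPT
done

# Outbound DNS for the gateway itself (d'oh). LAN hosts get no DNS via
# FORWARD; this presumably relies on a resolver on the gateway listening on
# $LAN_GW_IP — confirm, otherwise name resolution from the LAN fails.
for proto in tcp udp; do
  iptables -A OUTPUT -o "$WAN_IF" -p "$proto" --dport 53 -j ACCEPT
done

# Access to device services from inside only.
# NOTE(review): this accepts every protocol and port from the LAN to the
# gateway address; narrow it to the services actually exposed.
iptables -A INPUT -i "$LAN_IF" -d "$LAN_GW_IP" -j ACCEPT
iptables -A OUTPUT -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT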