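#!/bin/bash
# Stateful iptables ruleset for a gateway host: default-deny on INPUT, FORWARD
# and OUTPUT, followed by explicit allowances for NEW connections per chain.
# Needs root. Rule order matters: each chain is evaluated top-down and stops
# at the first terminating target (ACCEPT, or the DROP policy at the end).

# Reload the saved ruleset through the init script.
service iptables restart

# Set the default-deny policies BEFORE flushing, so there is never a moment
# where the chains are empty while a permissive policy is still in effect.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Empty every chain of the filter table (no -t given, so other tables are not
# touched by this script).
iptables -F

# Stateful tracking: replies to, and traffic related to, connections that were
# already accepted pass on all three chains.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Gateway (traffic addressed to this host)
iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
# ICMP is accepted only from the 10.110.3.0/24 network arriving on eth1.
iptables -A INPUT -i eth1 -s 10.110.3.0/24 -p icmp -m state --state NEW -j ACCEPT
# NOTE(review): the DNS and web rules below carry no -i/-s restriction, so
# they match on every interface, not only eth1 - confirm that exposing these
# ports on all sides of the gateway is intended.
# NOTE(review): only UDP/53 is opened; DNS over TCP/53 is not - confirm.
iptables -A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dport 80,443,8443 -m state --state NEW -j ACCEPT
# SSH to the gateway is accepted only when addressed to 10.110.3.1; the
# source is not restricted.
iptables -A INPUT -p tcp --dport 22 -d 10.110.3.1 -m state --state NEW -j ACCEPT

# Internal network (traffic routed through this host)
iptables -A FORWARD -p icmp -i eth1 -s 10.110.3.0/24 -m state --state NEW -j ACCEPT
# NOTE(review): no interface or source match on the next three rules, so they
# permit forwarding in either direction - confirm that is intended.
iptables -A FORWARD -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -m multiport --dport 80,443,8443 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp --dport 22 -d 10.110.1.24 -m state --state NEW -j ACCEPT

# Outbound (traffic originated by this host)
# Loopback must be allowed on OUTPUT as well: a local connection crosses
# OUTPUT before it reaches INPUT, so with policy DROP the "-i lo" INPUT rule
# alone never sees most local traffic.
iptables -A OUTPUT -o lo -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p icmp -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --dport 80,443,8443 -m state --state NEW -j ACCEPT

# Logging (marked as still incomplete by the author)
# This rule is appended after the ACCEPT for 10.110.1.24 above, so it records
# only NEW forwarded SSH connections to other destinations, which then fall
# through to the DROP policy.
# NOTE(review): to record the accepted SSH connections too, a LOG rule has to
# sit before that ACCEPT. Consider a rate limit on the LOG rule as well.
# The prefix gets a trailing space because LOG prepends it verbatim to the
# kernel message; the original spelling is kept so existing log searches
# still match.
iptables -A FORWARD -p tcp --dport 22 -m state --state NEW -j LOG --log-prefix "SSH_ATEMPTS "

# Prints the active ruleset to stdout; nothing is written to disk here.
# NOTE(review): if the rules must survive a reboot, this output has to be
# stored where the init script loads it from (or the init script's own save
# action used) - confirm what is intended.
iptables-save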