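#!/bin/sh
# Init-style firewall script: installs forwarding and transparent-redirect
# rules with iptables.
#
# Usage: /etc/init.d/firewall {start|stop|restart|reload|force-reload}
#
# start   flushes the nat and filter tables, allows forwarding from
#         192.168.2.0/24 (in on eth0, out on eth1) and redirects selected
#         ports arriving on eth0 to local port 3128.
# stop    flushes the same tables and sets every filter policy to ACCEPT.
#
# NOTE(review): iptables exit codes are not checked and the script always
# exits 0 after a recognised action, so a partially applied rule set is
# reported as success.

# Locate iptables.
iptables=$(command -v iptables)

# Leave quietly when iptables is not installed. The path is checked for
# emptiness first: with an empty, unquoted value `test -f $iptables`
# collapses to `test -f`, which is true, and the script would carry on.
if [ -z "$iptables" ] || [ ! -x "$iptables" ]; then
  exit 0
fi

# Local port that receives the redirected traffic.
# NOTE(review): 3128 is conventionally an HTTP proxy port; confirm what
# listens there.
proxy_port=3128

# Redirect one protocol/port arriving on eth0 to the local proxy port.
# Arguments: $1 - protocol (tcp|udp), $2 - destination port
redirect_to_proxy() {
  "$iptables" -t nat -A PREROUTING -i eth0 -p "$1" --dport "$2" \
    -j REDIRECT --to-port "$proxy_port"
}

case "$1" in
  start)
    echo "Starte Firewall..."

    # Flush all rules (user-defined chains are deleted in filter only).
    "$iptables" -t nat -F
    "$iptables" -t filter -F
    "$iptables" -X

    # NOTE(review): no chain policy is set in this branch and no INPUT rule
    # is added. The two ACCEPT rules below restrict forwarding only when the
    # FORWARD policy is already DROP; after "stop" (and therefore after
    # "restart") every policy is ACCEPT, so nothing is filtered. Confirm the
    # intended default policy.
    "$iptables" -A FORWARD -o eth1 -i eth0 -s 192.168.2.0/24 \
      -m conntrack --ctstate NEW -j ACCEPT
    "$iptables" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # NOTE(review): besides HTTP, the redirects below send TLS (443, 993),
    # mail (25, 110) and UDP ports to the same local port. If that listener
    # is an HTTP-only TCP proxy these connections will most likely fail
    # rather than be proxied; verify against the proxy configuration.

    # http
    redirect_to_proxy tcp 80
    # skype
    redirect_to_proxy tcp 443
    # smtp
    redirect_to_proxy tcp 25
    # pop3
    redirect_to_proxy tcp 110
    # imap
    redirect_to_proxy tcp 993
    # realplayer
    redirect_to_proxy tcp 7070
    redirect_to_proxy tcp 554
    redirect_to_proxy udp 6970
    redirect_to_proxy udp 7170
    # kaspersky
    redirect_to_proxy udp 15000
    redirect_to_proxy udp 15001
    ;;
  stop)
    echo "Stoppe Firewall..."

    # Remove every rule and open all filter chains: once this branch has
    # run, the host forwards and accepts everything.
    "$iptables" -t nat -F
    "$iptables" -t filter -F
    "$iptables" -X
    "$iptables" -P INPUT ACCEPT
    "$iptables" -P OUTPUT ACCEPT
    "$iptables" -P FORWARD ACCEPT
    ;;
  restart|reload|force-reload)
    # Re-run this script; $0 is quoted so a path with spaces still works.
    "$0" stop
    "$0" start
    ;;
  *)
    # List every action the case statement accepts; diagnostics go to stderr.
    echo "Usage: /etc/init.d/firewall (start|stop|restart|reload|force-reload)" >&2
    exit 1
    ;;
esac

exit 0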