  1. #!bin/bash
  2.  
  3. # basic network filtering and natting
  4. #
  5. #
  6. #       Wild | Livebox (   Wi-Fi   )  ath0 | FON | eth0 --- lan
  7. #
  8.  
  9. MODULES="ip_tables \
  10.         ipt_string \
  11.         ip_conntrack \
  12.         ip_conntrack_ftp \
  13.         ip_nat_ftp"
  14.  
  15. EXT_IF="ath0"
  16. INTERNET_NAT="ath0"
  17. INT_IF="eth0"
  18. INT_NET="192.168.42.0/24"
  19. EXT_NET="192.168.1.0/24"
  20.  
  21. IPTABLES=`which iptables`
  22. MODPROBE=`which modprobe`
  23. RED="\033[31m"
  24. GREEN="\033[32m"
  25. YELLOW="\033[33m"
  26. NORMAL="\033[m"
  27. BOLD="\033[1m"
  28.  
  29.  
  30. # erasing oldies
  31. echo -en "${BOLD}${YELLOW}Erasing old rules :${NORMAL}"
  32. ${IPTABLES} -t filter -F INPUT
  33. ${IPTABLES} -t filter -F OUTPUT
  34. ${IPTABLES} -t filter -F FORWARD
  35. ${IPTABLES} -t nat    -F PREROUTING
  36. ${IPTABLES} -t nat    -F OUTPUT
  37. ${IPTABLES} -t nat    -F POSTROUTING
  38. ${IPTABLES} -t mangle -F PREROUTING
  39. ${IPTABLES} -t mangle -F OUTPUT
  40. echo -e "\t\t\t\t${GREEN}OK${NORMAL}"
  41.  
  42.  
  43. # back to zeros
  44. echo -en "${BOLD}${YELLOW}Reseting to zero :${NORMAL}"
  45. ${IPTABLES} -t filter -Z
  46. ${IPTABLES} -t nat    -Z
  47. ${IPTABLES} -t mangle -Z
  48. echo -e "\t\t\t\t${GREEN}OK${NORMAL}"
  49.  
  50. # default policy : tous au karcher !
  51. echo -en "${BOLD}${YELLOW}Default policy setup :${NORMAL}"
  52. ${IPTABLES} -t filter -P INPUT   DROP
  53. ${IPTABLES} -t filter -P OUTPUT  ACCEPT
  54. ${IPTABLES} -t filter -P FORWARD DROP
  55. echo -e "\t\t\t\t${GREEN}OK${NORMAL}\n"
  56.  
  57.  
  58. # filtering
  59. echo -en "${BOLD}${YELLOW}Setting up the filters :${NORMAL}"
  60. ${IPTABLES} -A INPUT -i lo -j ACCEPT
  61. ${IPTABLES} -A INPUT -i ${EXT_IF} -s ${INT_NET} -j DROP
  62. ${IPTABLES} -A INPUT -i ${INT_IF} -j ACCEPT
  63. # network specific
  64. ${IPTABLES} -A INPUT -i ${INT_IF} -d ${EXT_NET} -j ACCEPT
  65. ${IPTABLES} -A INPUT -i ${INT_IF} -d ${INT_NET} -p udp -j ACCEPT
  66.  
  67. ${IPTABLES} -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  68. ${IPTABLES} -A FORWARD -i ${EXT_IF} -o ${INF_IF} -m state --state RELATED,ESTABLISHED -j ACCEPT
  69. echo -e "\t\t\t${GREEN}OK${NORMAL}"
  70.  
  71.  
  72. # nat
  73. echo -en "${BOLD}${YELLOW}Setting up NAT :${NORMAL}"
  74. ${IPTABLES} -t nat -A POSTROUTING -s ${INT_NET} -o ${EXT_IF} -j MASQUERADE
  75. ${IPTABLES} -A FORWARD -i ${INT_IF} -s ${INT_NET} -j ACCEPT
  76. #${IPTABLES} -A FORWARD -i ${INT_IF} -j ACCEPT
  77. #${IPTABLES} -A FORWARD -i ${EXT_IF} -j ACCEPT
  78. #${IPTABLES} -A FORWARD -i ${INT_IF} -s ${INT_NET} -o ${EXT_IF} -j ACCEPT
  79. echo -e "\t\t\t\t${GREEN}OK${NORMAL}"
  80.  
  81. # letting things out
  82. echo -en "${BOLD}${YELLOW}Letting things out :${NORMAL}"
  83. ${IPTABLES} -A OUTPUT -s ${INT_NET} -o ${EXT_IF} -j ACCEPT
  84. ${IPTABLES} -A OUTPUT -o ${EXT_IF} -j ACCEPT
  85. ${IPTABLES} -A OUTPUT -o ${INT_IF} -p udp -j ACCEPT
  86. echo -e "\t\t\t\t${GREEN}OK${NORMAL}"
  87.  
  88. # end, dropping what's left
  89. ${IPTABLES} -A INPUT -j DROP