hoanglong

Firewall Iptables

Nov 28th, 2014
  1. https://github.com/vnlinux/firewall
  2. http://codevl.net/webmaster/hosting-server/huong-dan-cau-hinh-how-to-config-iptables-firewall-tren-centos
  3. http://techblog.vn/domain-hosting-server/cau-hinh-firewall-iptables-tren-centos-redhat-446/
  4. http://wiki.centos.org/HowTos/Network/IPTables
  5.  
  6. https://github.com/vnlinux/firewall
  7.  
  8. file mau /etc/init.d/iptables
  9.  
  10. #!/bin/sh
  11. #
  12. # Startup script to implement /etc/sysconfig/iptables pre-defined rules.
  13.  
  14. IPTABLES=/sbin/iptables
  15. $IPTABLES -F
  16. $IPTABLES -F -t nat
  17.  
  18.  
  19. #/sbin/modprobe ip_conntrack
  20. #/sbin/modprobe ip_conntrack_ftp
  21.  
  22. # Clear any existing firewall stuff before we start
  23. #$IPTABLES --flush
  24. #$IPTABLES -t nat --flush
  25. #$IPTABLES -t mangle --flush
  26. # turn on NAT (IP masquerading for outgoing packets)
  27. $IPTABLES -A POSTROUTING -t nat -o bond0 -j MASQUERADE
  28. $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
  29. $IPTABLES -A POSTROUTING -t nat -o eth1 -j MASQUERADE
  30. $IPTABLES -A POSTROUTING -t nat -o eth2 -j MASQUERADE
  31. $IPTABLES -A POSTROUTING -t nat -o eth3 -j MASQUERADE
  32. $IPTABLES -A POSTROUTING -t nat -o tun0 -j MASQUERADE
  33. $IPTABLES -A POSTROUTING -t nat -o tun1 -j MASQUERADE
  34. $IPTABLES -A POSTROUTING -t nat -o tun2 -j MASQUERADE
  35. $IPTABLES -A POSTROUTING -t nat -o tun3 -j MASQUERADE
  36. $IPTABLES -A POSTROUTING -t nat -o tun4 -j MASQUERADE
  37.  
  38. echo 1 > /proc/sys/net/ipv4/ip_forward
  39. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i bond0 -p icmp
  40. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i bond0 -p tcp
  41. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i bond0 -p udp
  42. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth1 -p icmp
  43. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth1 -p tcp
  44. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth1 -p udp
  45. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth2 -p icmp
  46. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth2 -p tcp
  47. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth2 -p udp
  48. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth3 -p icmp
  49. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth3 -p tcp
  50. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth3 -p udp
  51. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i tun0 -p icmp
  52. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i tun0 -p tcp
  53. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i tun0 -p udp
  54. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i tun1 -p icmp
  55. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i tun1 -p tcp
  56. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i tun1 -p udp
  57. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i tun2 -p icmp
  58. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i tun2 -p tcp
  59. $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i tun2 -p udp
  60. $IPTABLES -A FORWARD -i eth3 -j ACCEPT
  61. $IPTABLES -A FORWARD -o eth3 -j ACCEPT
  62.  
  63. #Keepalive
  64. $IPTABLES -I INPUT -i eth2 -d 224.0.0.0/8 -j ACCEPT
  65. $IPTABLES -I INPUT -p vrrp -j ACCEPT
  66. $IPTABLES -A INPUT -p 112 -i eth2 -j ACCEPT
  67. $IPTABLES -A OUTPUT -p 112 -o eth2 -j ACCEPT