Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- set -x
- # 1. Delete all existing rules
- iptables -F
- iptables -t nat -F
- # 2. Set default chain policies
- iptables -P INPUT DROP
- iptables -P FORWARD DROP
- # 3. Allow incoming SSH
- iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
- iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
- # 4. Allow incoming HTTP
- iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
- iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
- # 5. Forward 25565 to Resolving Connector Server
- iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25565 -j DNAT --to-destination 172.16.0.116:25565
- iptables -A FORWARD -p tcp -d 172.16.0.116 --dport 25565 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
- # 6. Block SSH after 3 wrong passwords
- iptables -N SSH_CHECK
- iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
- iptables -A SSH_CHECK -m recent --set --name SSH
- iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
