Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash +x
- ip=/sbin/iptables
- admins=""
- sshers=""
- mysqlrs=""
- tcpservices="443"
- udpservices=""
- # Firewall script for servername
- echo -n ">> Applying iptables rules... "
- ## flushing...
- $ip -F
- $ip -X
- $ip -Z
- $ip -t nat -F
- # default: DROP!
- $ip -P INPUT DROP
- $ip -P OUTPUT DROP
- $ip -P FORWARD DROP
- # filtering...
- # localhost: free pass!
- # $ip -A INPUT -i lo -j ACCEPT
- # $ip -A OUTPUT -o lo -j ACCEPT
- # administration ips: free pass!
- for admin in $admins ; do
- $ip -A INPUT -s $admin -j ACCEPT
- $ip -A OUTPUT -d $admin -j ACCEPT
- done
- # allow ssh access to sshers
- for ssher in $sshers ; do
- $ip -A INPUT -s $ssher -p tcp -m tcp --dport 22 -j ACCEPT
- $ip -A OUTPUT -d $ssher -p tcp -m tcp --sport 22 -j ACCEPT
- done
- # allow access to mysql port to iReport on sugar
- for mysql in $mysqlrs ; do
- $ip -A INPUT -s $mysql -p tcp -m tcp --dport 3306 -j ACCEPT
- $ip -A OUTPUT -d $mysql -p tcp -m tcp --sport 3306 -j ACCEPT
- $ip -A INPUT -s $mysql -p udp -m udp --dport 3306 -j ACCEPT
- $ip -A OUTPUT -d $mysql -p udp -m udp --sport 3306 -j ACCEPT
- done
- # allowed services
- for service in $tcpservices ; do
- $ip -A INPUT -p tcp -m tcp --dport $service -j ACCEPT
- $ip -A OUTPUT -p tcp -m tcp --sport $service -m state --state RELATED,ESTABLISHED -j ACCEPT
- done
- for service in $udpservices ; do
- $ip -A INPUT -p udp -m udp --dport $service -j ACCEPT
- $ip -A OUTPUT -p udp -m udp --sport $service -m state --state RELATED,ESTABLISHED -j ACCEPT
- done
- $ip -A INPUT -j LOG --log-level 4
- $ip -A INPUT -j DROP
- echo "OK. Check rules with iptables -L -n"
- # end :)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
