######## START /etc/network/if-pre-up.d/cargar_iptables #########
#!/bin/bash
# ifupdown pre-up hook: load the saved iptables rule set before the interface
# comes up, so the host is never briefly reachable without its filter rules.
# iptables-restore replaces the tables wholesale, so running this hook more
# than once (presumably once per interface ifupdown configures) is harmless.
# NOTE(review): a non-zero exit here is expected to make ifup abort bringing
# the interface up (fail closed) -- confirm that is the intended behaviour.
readonly rules_file=/etc/iptables.up.rules
/sbin/iptables-restore < "$rules_file"
######## END /etc/network/if-pre-up.d/cargar_iptables #########
######## START /bin/firewall-iptables #########
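#!/bin/bash
#
# firewall-iptables - load, flush, reload or list this host's iptables rules.
#
# Usage: firewall-iptables [start|stop|restart|status]
#
#   start    load /etc/iptables.up.rules via iptables-restore (the tables are
#            replaced as a whole, so this is also the safe way to reload)
#   stop     flush all rules and user chains in filter, nat and mangle and set
#            every built-in policy to ACCEPT -- the host is left UNFILTERED
#   restart  stop, then start; prints OK/KO after each step
#   status   list the filter table with packet/byte counters
#
# Exit status: that of iptables/iptables-restore for the four actions
# (previously "stop" always exited 0 and a failed "restart" exited 0 because
# `exit $?` followed an echo), 2 on a usage error. Must run as root.
set -u

readonly IPT=/sbin/iptables
readonly IPT_RESTORE=/sbin/iptables-restore
readonly RULES=/etc/iptables.up.rules

# Coloured status markers (ANSI escapes), used by restart.
print_ok() { printf '\e[1;32mOK\e[0m\n'; }
print_ko() { printf '\e[1;31mKO\e[0m\n'; }

# Print usage to stderr and exit 2.
usage() {
  printf 'Uso: %s [start|stop|restart|status]\n' "${0##*/}" >&2
  exit 2
}

# Load the persisted rule set. Returns iptables-restore's status.
fw_start() {
  "$IPT_RESTORE" < "$RULES"
}

# Flush every table and open the policies. Stops at the first failing
# iptables call so a partial flush is reported instead of hidden.
fw_stop() {
  local table chain
  for table in filter nat mangle; do
    "$IPT" -t "$table" -F || return
    "$IPT" -t "$table" -X || return
  done
  for chain in INPUT FORWARD OUTPUT; do
    "$IPT" -P "$chain" ACCEPT || return
  done
}

# stop, then start. Between the two calls the host is unfiltered; plain
# "start" already replaces the tables in one step if that window matters.
fw_restart() {
  local rc
  echo "Deteniendo firewall-iptables..."
  if fw_stop; then print_ok; else print_ko; fi
  echo "Iniciando firewall-iptables..."
  fw_start
  rc=$?
  if (( rc != 0 )); then
    print_ko
    return "$rc"
  fi
  print_ok
}

# List the filter table, numeric, with counters.
fw_status() {
  "$IPT" -L -n -v
}

main() {
  (( $# == 1 )) || usage
  case "$1" in
    start)   fw_start ;;
    stop)    fw_stop ;;
    restart) fw_restart ;;
    status)  fw_status ;;
    *)       usage ;;
  esac
}

main "$@"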
######## END /bin/firewall-iptables #########
######## START /etc/iptables.up.rules #########
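# Interfaces
# LAN enp0s3
# TUN tun0   (the FORWARD rules below match tun+, i.e. any tunN device)
*nat
-P POSTROUTING ACCEPT
-P PREROUTING ACCEPT
# NAT the VPN client traffic to LAN
-A POSTROUTING -s 10.8.0.0/24 -o enp0s3 -j MASQUERADE
COMMIT
*filter
# Default policies: drop inbound and transit traffic, allow everything outbound.
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
# Loopback must be accepted explicitly under a DROP policy; without this rule
# new connections to 127.0.0.1 (e.g. a local resolver or any service bound to
# localhost) are silently dropped.
-A INPUT -i lo -j ACCEPT
# Allow traffic between TUN & LAN. Both directions may open NEW flows, so VPN
# clients reach the whole LAN and LAN hosts reach the VPN clients.
-A FORWARD -i tun+ -o enp0s3 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i enp0s3 -o tun+ -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Replies to connections this host initiated (apt, DNS, NTP, ...); this is
# what lets apt update/upgrade work under the DROP policy.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allowed Services: VPN (udp/1194) and SSH (tcp/22), from any source address.
-A INPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
# Explicit terminal rules; redundant with the policies above but kept so the
# counters (iptables -L -n -v) show what would otherwise hit the policy.
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -j ACCEPT
COMMIT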
######## END /etc/iptables.up.rules #########