Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- #
- # Automatically generated by Plesk netconf
- #
- set -e
- echo 0 > /proc/sys/net/ipv4/ip_forward
- ([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
- (rmmod ipchains) >/dev/null 2>&1 || true
- /sbin/iptables -F
- /sbin/iptables -X
- /sbin/iptables -Z
- /sbin/ip6tables -F
- /sbin/ip6tables -X
- /sbin/ip6tables -Z
- /sbin/iptables -P INPUT DROP
- /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- /sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
- /sbin/iptables -A INPUT -m state --state INVALID -j DROP
- /sbin/iptables -P OUTPUT DROP
- /sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- /sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
- /sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
- /sbin/iptables -P FORWARD DROP
- /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
- /sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
- /sbin/iptables -A FORWARD -m state --state INVALID -j DROP
- /sbin/ip6tables -P INPUT DROP
- /sbin/ip6tables -P OUTPUT DROP
- /sbin/ip6tables -P FORWARD DROP
- /sbin/iptables -A INPUT -i lo -j ACCEPT
- /sbin/iptables -A OUTPUT -o lo -j ACCEPT
- /sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
- /sbin/iptables -t mangle -F
- /sbin/iptables -t mangle -X
- /sbin/iptables -t mangle -Z
- /sbin/ip6tables -t mangle -F
- /sbin/ip6tables -t mangle -X
- /sbin/ip6tables -t mangle -Z
- /sbin/iptables -t mangle -P PREROUTING ACCEPT
- /sbin/iptables -t mangle -P OUTPUT ACCEPT
- /sbin/ip6tables -t mangle -P PREROUTING ACCEPT
- /sbin/ip6tables -t mangle -P OUTPUT ACCEPT
- /sbin/iptables -t mangle -P INPUT ACCEPT
- /sbin/iptables -t mangle -P FORWARD ACCEPT
- /sbin/iptables -t mangle -P POSTROUTING ACCEPT
- /sbin/ip6tables -t mangle -P INPUT ACCEPT
- /sbin/ip6tables -t mangle -P FORWARD ACCEPT
- /sbin/ip6tables -t mangle -P POSTROUTING ACCEPT
- /sbin/iptables -t nat -F
- /sbin/iptables -t nat -X
- /sbin/iptables -t nat -Z
- /sbin/iptables -t nat -P PREROUTING ACCEPT
- /sbin/iptables -t nat -P OUTPUT ACCEPT
- /sbin/iptables -t nat -P POSTROUTING ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 12443 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 12443 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 11443 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 11444 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 11443 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 11444 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 8447 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 8447 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 8880 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 8443 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 8880 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 21 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 587 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 587 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 25 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 465 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 110 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 995 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 143 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 993 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 106 -j DROP
- /sbin/ip6tables -A INPUT -p tcp --dport 106 -j DROP
- /sbin/iptables -A INPUT -p tcp --dport 3306 -j DROP
- /sbin/ip6tables -A INPUT -p tcp --dport 3306 -j DROP
- /sbin/iptables -A INPUT -p tcp --dport 5432 -j DROP
- /sbin/ip6tables -A INPUT -p tcp --dport 5432 -j DROP
- /sbin/iptables -A INPUT -p tcp --dport 9008 -j DROP
- /sbin/iptables -A INPUT -p tcp --dport 9080 -j DROP
- /sbin/ip6tables -A INPUT -p tcp --dport 9008 -j DROP
- /sbin/ip6tables -A INPUT -p tcp --dport 9080 -j DROP
- /sbin/iptables -A INPUT -p udp --dport 137 -j DROP
- /sbin/iptables -A INPUT -p udp --dport 138 -j DROP
- /sbin/iptables -A INPUT -p tcp --dport 139 -j DROP
- /sbin/iptables -A INPUT -p tcp --dport 445 -j DROP
- /sbin/ip6tables -A INPUT -p udp --dport 137 -j DROP
- /sbin/ip6tables -A INPUT -p udp --dport 138 -j DROP
- /sbin/ip6tables -A INPUT -p tcp --dport 139 -j DROP
- /sbin/ip6tables -A INPUT -p tcp --dport 445 -j DROP
- /sbin/iptables -A INPUT -p udp --dport 1194 -j DROP
- /sbin/ip6tables -A INPUT -p udp --dport 1194 -j DROP
- /sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT
- /sbin/ip6tables -A INPUT -p udp --dport 53 -j ACCEPT
- /sbin/ip6tables -A INPUT -p tcp --dport 53 -j ACCEPT
- /sbin/iptables -A INPUT -p udp -j ACCEPT
- /sbin/iptables -A INPUT -p tcp -j ACCEPT
- /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 134/0 -j ACCEPT
- /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 135/0 -j ACCEPT
- /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 136/0 -j ACCEPT
- /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 137/0 -j ACCEPT
- /sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT
- /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 128/0 -j ACCEPT
- /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 129/0 -j ACCEPT
- /sbin/iptables -A INPUT -j DROP
- /sbin/ip6tables -A INPUT -j DROP
- /sbin/iptables -A OUTPUT -j ACCEPT
- /sbin/ip6tables -A OUTPUT -j ACCEPT
- /sbin/iptables -A FORWARD -j DROP
- /sbin/ip6tables -A FORWARD -j DROP
- echo 1 > /proc/sys/net/ipv4/ip_forward
- echo 1 > /usr/local/psa/var/modules/firewall/ip_forward.active
- chmod 644 /usr/local/psa/var/modules/firewall/ip_forward.active
- #
- # End of script
- #
Add Comment
Please, Sign In to add comment