
Untitled

a guest
Apr 19th, 2018
  #!/bin/sh
  #
  # Automatically generated by Plesk netconf
  #
  # Rebuilds the host firewall from scratch: flushes the filter, mangle and
  # nat tables, sets default-DROP policies on the filter chains, appends the
  # per-port INPUT rules for IPv4 and IPv6, then re-enables IPv4 forwarding.
  #
  # Review notes (observations from the rules below, not changes):
  #  * set -e aborts on the first failing command. Because the tables are
  #    flushed and the policies set to DROP early, an abort part-way leaves
  #    the host with a partial, mostly-closed rule set.
  #  * IPv4 INPUT ends with catch-all ACCEPT rules for all UDP and all TCP, so
  #    for IPv4 only the explicit DROP rules placed before them restrict
  #    TCP/UDP; the per-port ACCEPT rules are redundant for IPv4.
  #  * IPv6 INPUT has no catch-all, no ESTABLISHED/RELATED rule and no
  #    loopback rule, so the two address families enforce different policies.

  set -e

  IPT4=/sbin/iptables
  IPT6=/sbin/ip6tables

  # Flush rules (-F), delete user chains (-X) and zero counters (-Z).
  # $1 is the binary; any further arguments select the table (e.g. -t mangle).
  wipe_table() {
    bin=$1
    shift
    for op in -F -X -Z; do
      "$bin" "$@" "$op"
    done
  }

  # Append INPUT rules for a list of proto/port specs, first to the IPv4
  # rule set and then to the IPv6 one. $1 is the target (ACCEPT or DROP).
  input_rule_both() {
    verdict=$1
    shift
    for ipt in "$IPT4" "$IPT6"; do
      for spec in "$@"; do
        "$ipt" -A INPUT -p "${spec%%/*}" --dport "${spec#*/}" -j "$verdict"
      done
    done
  }

  # Forwarding stays off while the rule set is being rebuilt.
  echo 0 > /proc/sys/net/ipv4/ip_forward

  # Best effort: stop and unload the legacy ipchains module; failures ignored.
  if [ -f /var/lock/subsys/ipchains ]; then
    /etc/init.d/ipchains stop >/dev/null 2>&1 || true
  fi
  rmmod ipchains >/dev/null 2>&1 || true

  # --- filter table: reset ---------------------------------------------------
  wipe_table "$IPT4"
  wipe_table "$IPT6"

  # --- IPv4 filter: default DROP plus connection-state handling ---------------
  # Order matters: known connections are accepted first, then any remaining
  # non-SYN TCP segment is answered with a reset, then INVALID is dropped.
  for chain in INPUT OUTPUT FORWARD; do
    "$IPT4" -P "$chain" DROP
    "$IPT4" -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT4" -A "$chain" -p tcp ! --syn -j REJECT --reject-with tcp-reset
    "$IPT4" -A "$chain" -m state --state INVALID -j DROP
  done

  # --- IPv6 filter: default DROP only -----------------------------------------
  # NOTE(review): no state or loopback rules follow for IPv6. With the rules
  # visible here, replies to outbound IPv6 connections and ::1 traffic to
  # unlisted ports reach the final INPUT DROP - confirm this is intended.
  for chain in INPUT OUTPUT FORWARD; do
    "$IPT6" -P "$chain" DROP
  done

  # IPv4 loopback traffic is always allowed.
  "$IPT4" -A INPUT -i lo -j ACCEPT
  "$IPT4" -A OUTPUT -o lo -j ACCEPT
  "$IPT4" -A FORWARD -i lo -o lo -j ACCEPT

  # --- mangle table: reset, all policies ACCEPT ---------------------------------
  wipe_table "$IPT4" -t mangle
  wipe_table "$IPT6" -t mangle
  for ipt in "$IPT4" "$IPT6"; do
    for chain in PREROUTING OUTPUT; do
      "$ipt" -t mangle -P "$chain" ACCEPT
    done
  done
  for ipt in "$IPT4" "$IPT6"; do
    for chain in INPUT FORWARD POSTROUTING; do
      "$ipt" -t mangle -P "$chain" ACCEPT
    done
  done

  # --- nat table (IPv4 only): reset, all policies ACCEPT ------------------------
  wipe_table "$IPT4" -t nat
  for chain in PREROUTING OUTPUT POSTROUTING; do
    "$IPT4" -t nat -P "$chain" ACCEPT
  done

  # --- INPUT: ports opened to any source ----------------------------------------
  # Service names are the conventional assignments for each port; the actual
  # listeners are not visible from this script.
  # presumably Plesk-related high ports - confirm their purpose before keeping
  # them reachable from any address
  input_rule_both ACCEPT tcp/12443
  input_rule_both ACCEPT tcp/11443 tcp/11444
  input_rule_both ACCEPT tcp/8447
  input_rule_both ACCEPT tcp/8443 tcp/8880
  # HTTP / HTTPS
  input_rule_both ACCEPT tcp/80 tcp/443
  # FTP control (plaintext unless the server enforces TLS)
  input_rule_both ACCEPT tcp/21
  # SSH - open to every source address; no rate limiting or allow-list here
  input_rule_both ACCEPT tcp/22
  # Mail submission, SMTP and SMTPS
  input_rule_both ACCEPT tcp/587
  input_rule_both ACCEPT tcp/25 tcp/465
  # POP3 / POP3S and IMAP / IMAPS (110 and 143 are the plaintext variants)
  input_rule_both ACCEPT tcp/110 tcp/995
  input_rule_both ACCEPT tcp/143 tcp/993

  # --- INPUT: ports explicitly closed ---------------------------------------------
  # For IPv4 these DROP rules are the only effective TCP/UDP restrictions,
  # because they precede the catch-all ACCEPT rules further down.
  # port 106 - purpose not visible here
  input_rule_both DROP tcp/106
  # MySQL and PostgreSQL
  input_rule_both DROP tcp/3306
  input_rule_both DROP tcp/5432
  # ports 9008/9080 - purpose not visible here
  input_rule_both DROP tcp/9008 tcp/9080
  # NetBIOS name/datagram/session and SMB
  input_rule_both DROP udp/137 udp/138 tcp/139 tcp/445
  # OpenVPN default port
  input_rule_both DROP udp/1194

  # DNS over UDP and TCP
  input_rule_both ACCEPT udp/53 tcp/53

  # NOTE(review): IPv4-only catch-all. Every UDP datagram and every new TCP
  # connection not dropped above is accepted, so the final IPv4 INPUT DROP only
  # affects other protocols. This looks like an "allow by default" system
  # policy - confirm it is intended; any service later bound to an unlisted
  # port becomes reachable over IPv4 without a rule change.
  "$IPT4" -A INPUT -p udp -j ACCEPT
  "$IPT4" -A INPUT -p tcp -j ACCEPT

  # ICMPv6 neighbour discovery: router advertisement (134), neighbour
  # solicitation (135), neighbour advertisement (136) and redirect (137).
  # NOTE(review): accepted from any source with no hop-limit match - verify
  # that accepting 134 and 137 is needed on this host.
  for icmp6_type in 134 135 136 137; do
    "$IPT6" -A INPUT -p icmpv6 --icmpv6-type "$icmp6_type/0" -j ACCEPT
  done

  # Ping: ICMP echo request (IPv4), ICMPv6 echo request and echo reply.
  "$IPT4" -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT
  for icmp6_type in 128 129; do
    "$IPT6" -A INPUT -p icmpv6 --icmpv6-type "$icmp6_type/0" -j ACCEPT
  done

  # --- chain tails ------------------------------------------------------------------
  # Everything else inbound is dropped, all outbound traffic is allowed, and
  # nothing is forwarded.
  for ipt in "$IPT4" "$IPT6"; do
    "$ipt" -A INPUT -j DROP
  done
  for ipt in "$IPT4" "$IPT6"; do
    "$ipt" -A OUTPUT -j ACCEPT
  done
  for ipt in "$IPT4" "$IPT6"; do
    "$ipt" -A FORWARD -j DROP
  done

  # IPv4 forwarding is switched back on even though the FORWARD chain drops
  # everything except established and lo-to-lo traffic; the state is recorded
  # in a flag file under the firewall module directory.
  echo 1 > /proc/sys/net/ipv4/ip_forward
  echo 1 > /usr/local/psa/var/modules/firewall/ip_forward.active
  chmod 644 /usr/local/psa/var/modules/firewall/ip_forward.active
  #
  # End of script
  #