#!/bin/bash
# Absolute path of the iptables binary. The rule helpers in this script
# invoke it through $I instead of relying on a PATH lookup.
I=/sbin/iptables
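#######################################
# Reset the IPv4 firewall to an empty, default-deny state.
#
# Flushes every rule and removes every user-defined chain in the filter,
# nat, mangle, raw and security tables, then sets the filter-table policy
# of INPUT, OUTPUT and FORWARD to DROP.
#
# Globals:   I (read) - iptables command to run
# Arguments: none
# Returns:   exit status of the last iptables call
#
# NOTE: rules are flushed before the DROP policies are applied, so between
# the two steps packets are handled by whatever policy was in place before
# this function ran.
#######################################
flush() {
  local table chain

  for table in filter nat mangle raw security; do
    "$I" --table "$table" --flush
    # --delete-chain without --table only acts on the filter table, so it is
    # issued once per table; otherwise user-defined chains in nat, mangle,
    # raw and security would survive the reset.
    "$I" --table "$table" --delete-chain
  done

  # Default-deny: anything not matched by a later rule is dropped.
  for chain in INPUT OUTPUT FORWARD; do
    "$I" --table filter --policy "$chain" DROP
  done
}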
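#######################################
# Install the loopback rules in the filter table.
#
#   1. INPUT:   drop packets with a localhost source address that arrive
#               on any interface other than lo.
#   2. INPUT:   accept everything received on lo.
#   3. OUTPUT:  accept everything sent through lo.
#   4. FORWARD: accept traffic going from lo to lo.
#
# Globals:   I (read) - iptables command to run
# Arguments: none
# Returns:   exit status of the last iptables call
#######################################
lo() {
  # The drop rule must be appended before the accept rules so it is
  # evaluated first. iptables resolves "localhost" once, when the rule is
  # added, so the rule covers only the address(es) the name resolves to at
  # that moment.
  "$I" --table filter -A INPUT --protocol all --source localhost ! --in-interface lo --jump DROP
  "$I" --table filter -A INPUT --in-interface lo --protocol all --jump ACCEPT
  "$I" -A OUTPUT --out-interface lo --protocol all --jump ACCEPT
  # Fixed: this rule was written with a single dash ("-protocol"), which is
  # not the long option --protocol, so the rule was not installed as
  # intended.
  "$I" -A FORWARD --in-interface lo --out-interface lo --protocol all --jump ACCEPT
}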
#######################################
# Masquerade traffic sourced from the two internal /24 networks.
#
# One POSTROUTING rule is appended to the nat table per subnet. The rules
# carry no --out-interface match, so the source address is rewritten on
# whichever interface the packet leaves through.
#
# Globals:   I (read) - iptables command to run
# Arguments: none
#######################################
nat() {
  local subnet
  for subnet in 10.20.0.0/24 10.30.0.0/24; do
    "$I" --table nat -A POSTROUTING --source "$subnet" --jump MASQUERADE
  done
}
#######################################
# Accept ICMP on the INPUT, OUTPUT and FORWARD chains.
#
# The rules match on protocol only: there is no --icmp-type restriction and
# no rate limit, so every ICMP message type is allowed in all three
# directions.
#
# Globals:   I (read) - iptables command to run
# Arguments: none
#######################################
icmp() {
  local chain
  for chain in INPUT OUTPUT FORWARD; do
    "$I" -A "$chain" --protocol icmp --jump ACCEPT
  done
}
#######################################
# Append an unconditional ACCEPT rule to INPUT, OUTPUT and FORWARD.
#
# SECURITY NOTE: these rules match every packet of every protocol. A chain
# policy applies only to packets that fall through all rules, so once this
# function has run the DROP policies on these chains are never reached and
# the host accepts and forwards all traffic that no earlier rule dropped.
# Narrow the matches (interface, source, state) if default-deny is
# intended.
#
# Globals:   I (read) - iptables command to run
# Arguments: none
#######################################
router() {
  local chain
  for chain in INPUT OUTPUT FORWARD; do
    "$I" -A "$chain" --protocol all --jump ACCEPT
  done
}
# Build the rule set. Order matters because rules are appended and matched
# top to bottom: flush clears the tables first, lo puts its loopback drop
# rule ahead of every accept rule, and router goes last because its
# accept-all rules match everything that reaches them.
for step in flush lo nat icmp router; do
  "$step"
done