  1. #!/bin/bash
  2. #
  3. # Watch me mess this up.
  4. #
  5. # Topology ftw
  6. #
  7. #       +----------+
  8. #       | PC 1     +<---+                                      
  9. #       +----------+    |                                      
  10. #                       |                                       +------------------+
  11. #       +----------+    |       +-----------+  192.168.0.1:eth0 |                  |
  12. #       | PC 2     +<---+------>+ Switch    +<----------------->+ Linux Firewall   |                                            +--+pr0n
  13. #       +----------+    |       +-----------+           (LAN)   |                  | Ethernet   +-------+                       |
  14. #                       |                                       |         DHCP:eth2+<---------->+ Modem +<---+ISP+---+Internet+-+--+torrents
  15. #       +----------+    |                                       |           (WAN)  |            +-------+                       |
  16. #       | PC 3     +<---+                                       +------------------+                                            +--+lolcatz
  17. #       +----------+
  18. #
  19. # /Topology ftl
  20. #      
  21. # Scripting ftw
  22. #
  23. # Flush tables
  24. #
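  # ---------------------------------------------------------------------------
  # Settings (from the topology above): eth0 = LAN 192.168.0.0/24, eth2 = WAN.
  #
  # The original rules mixed 192.168.0.x (topology, ssh rule, DNAT targets)
  # with 192.168.1.x (MASQUERADE -s 192.168.1.0/25, FORWARD -s 192.168.1.122).
  # The 192.168.1.x values match nothing on the drawn LAN, so they are treated
  # here as typos and everything is derived from LAN_NET.
  # TODO(review): confirm LAN_NET against `ip addr show eth0` before running.
  # ---------------------------------------------------------------------------
  set -euo pipefail

  if (( EUID != 0 )); then
    printf 'this script must run as root\n' >&2
    exit 1
  fi

  readonly LAN_IF=eth0
  readonly WAN_IF=eth2
  readonly LAN_NET=192.168.0.0/24
  # BitTorrent port forwards: LAN host and the inbound tcp port range it owns.
  readonly TORRENT_HOST_1=192.168.0.133
  readonly TORRENT_PORTS_1=43067:43083
  readonly TORRENT_HOST_2=192.168.0.122
  readonly TORRENT_PORTS_2=43084:43092

  # NOTE(review): this script only configures IPv4.  If the kernel or the ISP
  # give this box an IPv6 address, ip6tables is untouched and wide open; at the
  # very least mirror the DROP policies there.

  # ---------------------------------------------------------------------------
  # Fail closed first.  The DROP policies go in *before* the flush, so there is
  # no window where the box accepts and forwards everything while the rules
  # below are still being installed.  A LAN ssh session survives this: its
  # packets are retransmitted until the ESTABLISHED rule is in place.  If the
  # script aborts part-way (set -e) the box stays closed -- run it from the
  # console, never over a WAN-side session.
  # ---------------------------------------------------------------------------
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -P OUTPUT ACCEPT   # the original never set OUTPUT; make it explicit

  # Flush rules and user-defined chains in every table we touch.
  iptables -F
  iptables -X
  iptables -t nat -F
  iptables -t nat -X
  iptables -t mangle -F
  iptables -t mangle -X

  # Loopback (127.0.0.1)
  iptables -A INPUT  -i lo -j ACCEPT
  iptables -A OUTPUT -o lo -j ACCEPT

  # Anti-spoofing: nothing arriving from the ISP may carry a LAN or loopback
  # source address.  Placed before the conntrack ACCEPT so a spoofed packet can
  # never ride an existing connection entry.
  iptables -A INPUT   -i "$WAN_IF" -s "$LAN_NET"  -j DROP
  iptables -A FORWARD -i "$WAN_IF" -s "$LAN_NET"  -j DROP
  iptables -A INPUT   -i "$WAN_IF" -s 127.0.0.0/8 -j DROP

  # Packets conntrack cannot classify, then replies to anything the firewall
  # or the LAN initiated (plus RELATED ICMP errors).  The ESTABLISHED rule is
  # what lets NTP, DNS and torrent *replies* in -- no source-port ACCEPTs are
  # needed for them (see the Accepts section).
  for chain in INPUT FORWARD; do
    iptables -A "$chain" -m conntrack --ctstate INVALID -j DROP
    iptables -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # A "new" tcp connection must start with a bare SYN.  The original had a
    # LOG for this commented out, and its mask (--tcp-flags SYN,RST,ACK SYN)
    # matched the *valid* case rather than the bogus one.
    iptables -A "$chain" -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
  done

  # WAN emergency stop -- uncomment to cut this box off from the ISP entirely.
  #iptables -A INPUT -i "$WAN_IF" -j DROP

  # DHCP: we serve the LAN, and we are a DHCP *client* on the WAN (topology:
  # "DHCP:eth2").  A client that uses an ordinary UDP socket (ISC dhclient
  # uses a raw socket and is unaffected) needs the OFFER/ACK let in
  # explicitly, since conntrack cannot match a broadcast reply.
  iptables -A INPUT -i "$LAN_IF" -p udp --sport 68 --dport 67 -j ACCEPT
  iptables -A INPUT -i "$WAN_IF" -p udp --sport 67 --dport 68 -j ACCEPT

  #
  # Drops
  #

  # Kazaa probes: dropped early so they do not clutter the logs below
  # (the DROP policy would catch them anyway).
  iptables -A INPUT -p tcp --dport 1214 -j DROP
  iptables -A INPUT -p udp --dport 1214 -j DROP

  #
  # Logs
  #

  # Rate-limited: an unlimited LOG rule on a WAN-facing box lets any port
  # scanner fill syslog / the disk.  These sit before the ACCEPTs, so accepted
  # LAN ssh/DNS connections are logged too (as in the original).
  log_limit=(-m limit --limit 5/min --limit-burst 10)

  # LOW/HIGH TCP/UDP CONNECTION (log'd)
  iptables -A INPUT -p tcp --dport 0:1023 -m conntrack --ctstate NEW \
    "${log_limit[@]}" -j LOG --log-prefix "LOW PORT TCP CONNECTION: "
  iptables -A INPUT -p udp --dport 1024:65535 -m conntrack --ctstate NEW \
    "${log_limit[@]}" -j LOG --log-prefix "HIGH PORT UDP CONNECTION:"

  # Log pings
  iptables -A INPUT -p icmp "${log_limit[@]}" -j LOG --log-prefix "ECHO: "

  #
  # Accepts
  #

  # DNS served to the LAN: udp, plus tcp for truncated/DNSSEC answers
  # (the original allowed udp only).
  iptables -A INPUT -i "$LAN_IF" -p udp --dport 53 -j ACCEPT
  iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -j ACCEPT

  # ssh from the LAN only.  Bound to the LAN interface as well as the source
  # net, so a packet with a spoofed 192.168.0.x source arriving on the WAN
  # cannot match.
  iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

  # Pings from the LAN.  Echo *replies* from the Internet to our own pings
  # already come in as ESTABLISHED.
  iptables -A INPUT -i "$LAN_IF" -p icmp --icmp-type echo-request -j ACCEPT

  # Removed from the original:
  #   iptables -A INPUT -p udp --sport 123   -j ACCEPT   # "Accept ntp"
  #   iptables -A INPUT -p tcp --sport 43067 -j ACCEPT   # "Accept BitTorrent"
  # Both matched on the *source* port, which the remote end chooses freely:
  # anyone on the Internet could reach any udp port on this box by sending
  # from port 123, or any tcp port by sending from 43067, bypassing the DROP
  # policy entirely.  NTP replies are covered by the ESTABLISHED rule; torrent
  # traffic is for the LAN hosts and is handled by the DNAT/FORWARD rules.

  #
  # Forwarding / NAT
  #

  # LAN -> Internet.  The original had no such rule: with -P FORWARD DROP and
  # only ESTABLISHED,RELATED plus one torrent rule accepted, no LAN host could
  # open a connection to the Internet at all.  MASQUERADE is bound to the WAN
  # interface so LAN-to-LAN traffic through this box is never rewritten.
  iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
  iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

  #######################################
  # Forward an inbound tcp port range from the WAN to one LAN host.
  # Globals:   WAN_IF, LAN_IF (read)
  # Arguments: $1 - LAN host address; $2 - tcp port range "low:high"
  # The DNAT only applies to packets that actually arrive on the WAN, and the
  # FORWARD rule matches the *destination* after DNAT.  The original matched
  # "-s 192.168.1.122" -- the LAN host as *source*, which an inbound
  # connection never has -- so the forwarded traffic hit the DROP policy.
  #######################################
  forward_tcp() {
    local host=$1 ports=$2
    iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$ports" \
      -j DNAT --to-destination "$host"
    iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$host" -p tcp \
      --dport "$ports" -m conntrack --ctstate NEW -j ACCEPT
  }

  # The original DNATed both hosts but had the .133 FORWARD rule commented out,
  # i.e. its DNAT led nowhere.  Both are enabled here; delete the .133 line if
  # that host is not meant to be reachable.
  forward_tcp "$TORRENT_HOST_1" "$TORRENT_PORTS_1"
  forward_tcp "$TORRENT_HOST_2" "$TORRENT_PORTS_2"

  # Turn routing on only now that the policies and rules are in place.
  echo 1 > /proc/sys/net/ipv4/ip_forward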