
Untitled

a guest
Aug 14th, 2017
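  # IPv4 firewall for a gateway that forwards eth0/wlan0 clients into an OpenVPN
  # tunnel (tun0) and drops everything that is not explicitly allowed.
  #
  # Interfaces as used by the rules below:
  #   eth0, wlan0 - sides whose traffic is forwarded into the tunnel
  #   eth1        - carries the OpenVPN transport to OVPN_IP
  #   tun0        - the tunnel itself
  #
  # Review notes:
  #   - Only IPv4 is programmed here. ip6tables is not touched, so on a host
  #     with IPv6 connectivity traffic can bypass these rules unless IPv6 is
  #     filtered or disabled separately.
  #   - The script replaces the whole filter table. Afterwards SSH is accepted
  #     only from ALLOWED_IP on eth0; apply it from a console or with a
  #     rollback in place.
  #   - Forwarding itself (net.ipv4.ip_forward) is not enabled here --
  #     presumably set elsewhere; verify.

  ALLOWED_IP=192.168.2.2
  OWN_IP=192.168.2.1
  OWN_IP_WAN=192.168.1.2
  OVPN_IP=178.162.194.30

  # Set default-deny policies BEFORE flushing, so there is no moment in which
  # the chains are empty with an ACCEPT policy. FORWARD gets a DROP policy too:
  # if a later rule fails to load, forwarded traffic stays blocked instead of
  # leaving the gateway around the tunnel.
  iptables -P INPUT DROP
  iptables -P OUTPUT DROP
  iptables -P FORWARD DROP

  # Remove all existing filter-table rules and user-defined chains.
  iptables -F
  iptables -X

  # Loopback is always allowed.
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A OUTPUT -o lo -j ACCEPT

  #### ALLOWED_IP -> OWN_IP
  # TCP ports 22, 80 and 443 on this host, reachable only from ALLOWED_IP via
  # eth0. New connections may only be opened by ALLOWED_IP; replies are limited
  # to established flows. Peer source ports are restricted to 513-65535.
  for port in 22 80 443; do
    iptables -A INPUT -i eth0 -p tcp -s "$ALLOWED_IP" -d "$OWN_IP" \
      --sport 513:65535 --dport "$port" \
      -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o eth0 -p tcp -s "$OWN_IP" -d "$ALLOWED_IP" \
      --sport "$port" --dport 513:65535 \
      -m state --state ESTABLISHED -j ACCEPT
  done

  #### OWN_IP -> OpenVPN provider
  # The tunnel transport is the only traffic this host may originate on eth1.
  # NOTE(review): OpenVPN's default port is 1194; confirm that 1149 is really
  # the port the provider uses and not a transposition.
  iptables -A INPUT -i eth1 -p udp -s "$OVPN_IP" -d "$OWN_IP_WAN" \
    --sport 1149 --dport 513:65535 \
    -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A OUTPUT -o eth1 -p udp -s "$OWN_IP_WAN" -d "$OVPN_IP" \
    --sport 513:65535 --dport 1149 \
    -m state --state NEW,ESTABLISHED -j ACCEPT

  ## Forward into the tunnel
  # Clients on eth0/wlan0 may open connections through tun0; only established
  # return traffic comes back. Nothing is forwarded out of eth1, so clients
  # have no path around the tunnel when tun0 is down.
  # NOTE(review): RELATED is not accepted on the return path, so ICMP errors
  # belonging to forwarded flows (e.g. fragmentation-needed) are dropped;
  # consider adding RELATED if path-MTU problems show up.
  iptables -A FORWARD -i eth0 -o tun0 -m state --state NEW,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -i tun0 -o eth0 -m state --state ESTABLISHED -j ACCEPT

  iptables -A FORWARD -i wlan0 -o tun0 -m state --state NEW,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -i tun0 -o wlan0 -m state --state ESTABLISHED -j ACCEPT

  ## Masquerade
  # 'iptables -F' above only flushes the filter table, so the nat rule would be
  # appended again on every run. Add it only if it is not already present.
  iptables -t nat -C POSTROUTING -o tun0 -j MASQUERADE 2>/dev/null ||
    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

  ## Drop everything else
  # Redundant with the DROP policies, but kept as explicit last rules so the
  # drop counters show up in 'iptables -L -v'.
  iptables -A INPUT -j DROP
  iptables -A OUTPUT -j DROP
  iptables -A FORWARD -j DROP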