
Plesk Firewall Rules

a guest
Jun 5th, 2017
#!/bin/bash
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

# Stop at the first unguarded command that fails. Everything below that is
# meant to be best-effort carries an explicit "|| true".
set -e

# IPv4 forwarding is switched off before the rule set is rebuilt; the last
# statement of this script writes 1 back to the same file.
echo 0 > /proc/sys/net/ipv4/ip_forward

# Best effort: stop the legacy ipchains service when its lock file exists,
# then try to unload the module. Output is discarded and failures are ignored.
if [ -f /var/lock/subsys/ipchains ]; then
    /etc/init.d/ipchains stop >/dev/null 2>&1 || true
fi
rmmod ipchains >/dev/null 2>&1 || true

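#######################################
# Run one iptables/ip6tables command, waiting for the xtables lock.
#
# Arguments:
#   $1   - iptables binary to run (e.g. /sbin/iptables, /sbin/ip6tables)
#   $2.. - arguments passed to that binary, one word per argument
# Returns:
#   Versions newer than 1.4.20: the exit status of "<binary> -w <args>"
#   (stderr is discarded).
#   Older or unrecognised versions: 0 as soon as an attempt prints nothing
#   containing "xtable", 1 after ten attempts that all did.
#
# NOTE(review): this function is serialised with `declare -f` and sent
# through `echo -e` further down in the script, so the body must not contain
# backslashes (comments are dropped by `declare -f` and are safe).
#######################################
apply_rule()
{
    local iptables_bin="$1"
    shift

    local version_text version major minor patch _rest attempt
    local supports_wait=0

    # Ask the binary that is about to run. The version is compared component
    # by component: gluing the minor and patch digits together turns 1.8.4
    # into "84", which sorts below "420", and a trailing "(nf_tables)" or
    # "(legacy)" suffix breaks a plain integer test.
    version_text=$("$iptables_bin" --version) || version_text=""
    version=${version_text#* v}
    version=${version%% *}
    IFS=. read -r major minor patch _rest <<< "$version" || true

    # Keep only leading digits of the patch level (e.g. "21-rc1" -> "21").
    patch=${patch%%[!0-9]*}
    : "${patch:=0}"

    # Anything that is not a plain number is treated as "version unknown".
    case "$major" in
        '' | *[!0-9]*) major="" ;;
    esac
    case "$minor" in
        '' | *[!0-9]*) major="" ;;
    esac

    # Use the native --wait option. The threshold stays "strictly newer than
    # 1.4.20", as in the original numeric test.
    if [ -n "$major" ] \
        && [ $(( 10#$major * 10000 + 10#$minor * 100 + 10#$patch )) -gt 10420 ]; then
        supports_wait=1
    fi

    if [ "$supports_wait" -eq 1 ]; then
        # "$@" is quoted so that an argument containing spaces (for example
        # a --comment value) reaches iptables as a single word.
        "$iptables_bin" -w "$@" 2>/dev/null
        return $?
    fi

    # Emulate --wait for elderly versions: retry while the output mentions
    # the xtables lock.
    # NOTE(review): on this path any failure whose message does not contain
    # "xtable" is reported as success, so a rule that was rejected for
    # another reason goes unnoticed. Kept as in the original.
    for attempt in 1 2 3 4 5 6 7 8 9 10; do
        "$iptables_bin" "$@" 2>&1 | grep -q xtable || return 0
        sleep 1
    done

    return 1
}
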
  35. /sbin/iptables-save  -t filter | grep -- "-A INPUT" |  grep -v "fail2ban-\|f2b-" | sed -e "s#^-A#apply_rule /sbin/iptables -D#g" | xargs -0 echo -e "`declare -f apply_rule`\n" | /bin/bash
  36.  
  37. apply_rule /sbin/iptables -F FORWARD
  38. apply_rule /sbin/iptables -F OUTPUT
  39. apply_rule /sbin/iptables -Z FORWARD
  40. apply_rule /sbin/iptables -Z OUTPUT
  41.  
  42. apply_rule /sbin/iptables -P INPUT DROP
  43. apply_rule /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  44. apply_rule /sbin/iptables -A INPUT -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  45. apply_rule /sbin/iptables -A INPUT -m state --state INVALID -j DROP
  46. apply_rule /sbin/iptables -P OUTPUT DROP
  47. apply_rule /sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  48. apply_rule /sbin/iptables -A OUTPUT -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  49. apply_rule /sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
  50. apply_rule /sbin/iptables -P FORWARD DROP
  51. apply_rule /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  52. apply_rule /sbin/iptables -A FORWARD -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  53. apply_rule /sbin/iptables -A FORWARD -m state --state INVALID -j DROP
  54.  
  55. apply_rule /sbin/iptables -A INPUT -i lo  -j ACCEPT
  56. apply_rule /sbin/iptables -A OUTPUT -o lo -j ACCEPT
  57. apply_rule /sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
  58.  
  59. apply_rule /sbin/iptables -t mangle -F
  60. apply_rule /sbin/iptables -t mangle -Z
  61. apply_rule /sbin/iptables -t mangle -P PREROUTING ACCEPT
  62. apply_rule /sbin/iptables -t mangle -P OUTPUT ACCEPT
  63. apply_rule /sbin/iptables -t mangle -P INPUT ACCEPT
  64. apply_rule /sbin/iptables -t mangle -P FORWARD ACCEPT
  65. apply_rule /sbin/iptables -t mangle -P POSTROUTING ACCEPT
  66.  
  67. /sbin/ip6tables-save  -t filter | grep -- "-A INPUT" |  grep -v "fail2ban-\|f2b-" | sed -e "s#^-A#apply_rule /sbin/ip6tables -D#g" | xargs -0 echo -e "`declare -f apply_rule`\n" | /bin/bash
  68.  
  69. apply_rule /sbin/ip6tables -F FORWARD
  70. apply_rule /sbin/ip6tables -F OUTPUT
  71. apply_rule /sbin/ip6tables -Z FORWARD
  72. apply_rule /sbin/ip6tables -Z OUTPUT
  73.  
  74. apply_rule /sbin/ip6tables -P INPUT DROP
  75. apply_rule /sbin/ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  76. apply_rule /sbin/ip6tables -A INPUT -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  77. apply_rule /sbin/ip6tables -A INPUT -m state --state INVALID -j DROP
  78. apply_rule /sbin/ip6tables -P OUTPUT DROP
  79. apply_rule /sbin/ip6tables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  80. apply_rule /sbin/ip6tables -A OUTPUT -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  81. apply_rule /sbin/ip6tables -A OUTPUT -m state --state INVALID -j DROP
  82. apply_rule /sbin/ip6tables -P FORWARD DROP
  83. apply_rule /sbin/ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  84. apply_rule /sbin/ip6tables -A FORWARD -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  85. apply_rule /sbin/ip6tables -A FORWARD -m state --state INVALID -j DROP
  86.  
  87. apply_rule /sbin/ip6tables -A INPUT -i lo  -j ACCEPT
  88. apply_rule /sbin/ip6tables -A OUTPUT -o lo -j ACCEPT
  89. apply_rule /sbin/ip6tables -A FORWARD -i lo -o lo -j ACCEPT
  90.  
  91. apply_rule /sbin/ip6tables -t mangle -F
  92. apply_rule /sbin/ip6tables -t mangle -Z
  93. apply_rule /sbin/ip6tables -t mangle -P PREROUTING ACCEPT
  94. apply_rule /sbin/ip6tables -t mangle -P OUTPUT ACCEPT
  95. apply_rule /sbin/ip6tables -t mangle -P INPUT ACCEPT
  96. apply_rule /sbin/ip6tables -t mangle -P FORWARD ACCEPT
  97. apply_rule /sbin/ip6tables -t mangle -P POSTROUTING ACCEPT
  98.  
  99.  
  100. apply_rule /sbin/iptables -t nat -F
  101. apply_rule /sbin/iptables -t nat -Z
  102. apply_rule /sbin/iptables -t nat -P PREROUTING ACCEPT
  103. apply_rule /sbin/iptables -t nat -P OUTPUT ACCEPT
  104. apply_rule /sbin/iptables -t nat -P POSTROUTING ACCEPT
  105.  
  106. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8447 -j ACCEPT
  107. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8447 -j ACCEPT
  108.  
  109. apply_rule /sbin/iptables -A INPUT -p tcp --dport 12443 -j ACCEPT
  110. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 12443 -j ACCEPT
  111.  
  112. apply_rule /sbin/iptables -A INPUT -p tcp --dport 11443 -j ACCEPT
  113. apply_rule /sbin/iptables -A INPUT -p tcp --dport 11444 -j ACCEPT
  114. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 11443 -j ACCEPT
  115. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 11444 -j ACCEPT
  116.  
  117. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8447 -j ACCEPT
  118. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8447 -j ACCEPT
  119.  
  120. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
  121. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8880 -j ACCEPT
  122. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8443 -j ACCEPT
  123. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8880 -j ACCEPT
  124.  
  125. apply_rule /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  126. apply_rule /sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
  127. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
  128. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
  129.  
  130. apply_rule /sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
  131. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 21 -j ACCEPT
  132.  
  133. apply_rule /sbin/iptables -A INPUT -p tcp --dport 22 -j DROP
  134. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -j DROP
  135.  
  136. apply_rule /sbin/iptables -A INPUT -p tcp --dport 587 -j ACCEPT
  137. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 587 -j ACCEPT
  138.  
  139. apply_rule /sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
  140. apply_rule /sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT
  141. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 25 -j ACCEPT
  142. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 465 -j ACCEPT
  143.  
  144. apply_rule /sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
  145. apply_rule /sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT
  146. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 110 -j ACCEPT
  147. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 995 -j ACCEPT
  148.  
  149. apply_rule /sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT
  150. apply_rule /sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT
  151. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 143 -j ACCEPT
  152. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 993 -j ACCEPT
  153.  
  154. apply_rule /sbin/iptables -A INPUT -p tcp --dport 106 -j ACCEPT
  155. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 106 -j ACCEPT
  156.  
  157. apply_rule /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
  158. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 3306 -j ACCEPT
  159.  
  160. apply_rule /sbin/iptables -A INPUT -p tcp --dport 5432 -j ACCEPT
  161. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 5432 -j ACCEPT
  162.  
  163. apply_rule /sbin/iptables -A INPUT -p tcp --dport 9008 -j ACCEPT
  164. apply_rule /sbin/iptables -A INPUT -p tcp --dport 9080 -j ACCEPT
  165. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 9008 -j ACCEPT
  166. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 9080 -j ACCEPT
  167.  
  168. apply_rule /sbin/iptables -A INPUT -p udp --dport 137 -j ACCEPT
  169. apply_rule /sbin/iptables -A INPUT -p udp --dport 138 -j ACCEPT
  170. apply_rule /sbin/iptables -A INPUT -p tcp --dport 139 -j ACCEPT
  171. apply_rule /sbin/iptables -A INPUT -p tcp --dport 445 -j ACCEPT
  172. apply_rule /sbin/ip6tables -A INPUT -p udp --dport 137 -j ACCEPT
  173. apply_rule /sbin/ip6tables -A INPUT -p udp --dport 138 -j ACCEPT
  174. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 139 -j ACCEPT
  175. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 445 -j ACCEPT
  176.  
  177. apply_rule /sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT
  178. apply_rule /sbin/ip6tables -A INPUT -p udp --dport 1194 -j ACCEPT
  179.  
  180. apply_rule /sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
  181. apply_rule /sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT
  182. apply_rule /sbin/ip6tables -A INPUT -p udp --dport 53 -j ACCEPT
  183. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 53 -j ACCEPT
  184.  
  185. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 134/0 -j ACCEPT
  186. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 135/0 -j ACCEPT
  187. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 136/0 -j ACCEPT
  188. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 137/0 -j ACCEPT
  189.  
  190. apply_rule /sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT
  191. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 128/0 -j ACCEPT
  192. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 129/0 -j ACCEPT
  193.  
  194. apply_rule /sbin/iptables -A INPUT -j DROP
  195. apply_rule /sbin/ip6tables -A INPUT -j DROP
  196.  
  197. apply_rule /sbin/iptables -A OUTPUT -j ACCEPT
  198. apply_rule /sbin/ip6tables -A OUTPUT -j ACCEPT
  199.  
  200. apply_rule /sbin/iptables -A FORWARD -j DROP
  201. apply_rule /sbin/ip6tables -A FORWARD -j DROP
  202.  
  203. echo 1 > /proc/sys/net/ipv4/ip_forward
  204. #
  205. # End of script
  206. #