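# Firewall rule set in iptables-save(8) format, loaded with iptables-restore(8).
# Install as /etc/iptables.up.rules and load it before the interface comes up
# from a script in /etc/network/if-pre-up.d/, e.g.:
#   /sbin/iptables-restore < /etc/iptables.up.rules
# (When loading by hand as "sudo /sbin/iptables-restore < /etc/iptables.up.rules",
# the redirect is opened by your own shell, so the file must be readable by the
# invoking user, not just by root.)
# Check edits without applying them:  iptables-restore --test < /etc/iptables.up.rules
# Generated by iptables-save v1.6.0 on Thu Dec 28 12:35:47 2017; hand-edited since.
*filter
# Chain policies. INPUT's default is DROP here, in the chain policy itself,
# rather than only as a trailing "-j DROP" rule: that keeps the host closed
# even if the rule list is flushed or only partially loaded later.
# FORWARD is DROP (this host does not route), OUTPUT is ACCEPT.
# The [packets:bytes] counters are ignored by iptables-restore unless -c is given.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to traffic this host initiated (and related errors) are accepted by
# connection tracking here, so no per-service "--sport" reply rules are needed
# on INPUT below.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Loopback
-A INPUT -i lo -j ACCEPT
#############################
# MANAGEMENT RULES
#############################
# SSH on the standard port (TCP 22), reachable from any source address.
# Add "-s <management-net>" if administration only ever comes from known addresses.
-A INPUT -p tcp --dport 22 -j ACCEPT
#############################
# ACCESS RULES
#############################
# Web services on TCP 8123 and TCP 80, reachable from any source address.
-A INPUT -p tcp --dport 8123 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
# NOTE: every OUTPUT rule in this file is currently a no-op because the OUTPUT
# policy is ACCEPT; they are kept only so the file keeps working if that policy
# is ever switched to DROP.
-A OUTPUT -p tcp --sport 8123 -j ACCEPT
-A OUTPUT -p tcp --sport 80 -j ACCEPT
# DNS (UDP 53) to and from the peers below. Only the query direction
# (--dport 53) gets an INPUT rule: replies are matched by the ESTABLISHED
# rule above. The former "--sport 53" INPUT accepts were removed because they
# let any UDP datagram whose source port happens to be 53 reach every UDP
# service on this host, bypassing the default deny.
# Momchi
-A OUTPUT -p udp -o eth0 -d 93.152.140.187 --sport 53 -j ACCEPT
-A OUTPUT -p udp -o eth0 -d 93.152.140.187 --dport 53 -j ACCEPT
-A INPUT -p udp -i eth0 -s 93.152.140.187 --dport 53 -j ACCEPT
# sotex
-A OUTPUT -p udp -o eth0 -d 78.90.221.75 --sport 53 -j ACCEPT
-A OUTPUT -p udp -o eth0 -d 78.90.221.75 --dport 53 -j ACCEPT
-A INPUT -p udp -i eth0 -s 78.90.221.75 --dport 53 -j ACCEPT
# home.masoko.net 46.249.76.212
-A OUTPUT -p udp -o eth0 -d 46.249.76.212 --sport 53 -j ACCEPT
-A OUTPUT -p udp -o eth0 -d 46.249.76.212 --dport 53 -j ACCEPT
-A INPUT -p udp -i eth0 -s 46.249.76.212 --dport 53 -j ACCEPT
# home LAN. The explicit range 192.168.0.1-192.168.0.254 is kept instead of
# 192.168.0.0/24 so that .0 and .255 stay excluded.
-A OUTPUT -p udp -o eth0 -m iprange --dst-range 192.168.0.1-192.168.0.254 --sport 53 -j ACCEPT
-A OUTPUT -p udp -o eth0 -m iprange --dst-range 192.168.0.1-192.168.0.254 --dport 53 -j ACCEPT
-A INPUT -p udp -i eth0 -m iprange --src-range 192.168.0.1-192.168.0.254 --dport 53 -j ACCEPT
# NTP client: outbound queries to any server. Replies come back through the
# ESTABLISHED rule; the former global "-A INPUT -p udp --sport 123 -j ACCEPT"
# was removed for the same reason as the DNS --sport rules (it accepted any
# UDP datagram with source port 123 from anywhere, to any port).
-A OUTPUT -p udp --dport 123 -j ACCEPT
# NTP server: accepts time queries from any source address. Remove these two
# lines if this host does not serve time to other machines.
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --sport 123 -j ACCEPT
#############################
# DEFAULT DENY
#############################
# Everything else is dropped by the INPUT chain policy set above; this
# explicit final rule is kept so the drop is visible in the rule listing
# and its counters show how much traffic is being rejected.
-A INPUT -j DROP
COMMIT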