  1. ##Sections 1 2 4 and 5 are firewall.
  2. # Drop all fragments
  3. -A INPUT -f -j DROP
  4. # Drop XMAS packets
  5. -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
  6. # Drop NULL packets
  7. -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
  8. ## Section 3
  9. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  10. ### Syst
  11. # rules
  12. ###Block access to the modem to everyone expect one Mac Address
  13. iptables -I INPUT -i br0 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
  14. iptables -I INPUT -i br0 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
  15. iptables -I INPUT -i br0 -p tcp --dport www -j REJECT --reject-with tcp-reset
  16. iptables -I INPUT -i br0 -p tcp --dport https -j REJECT --reject-with tcp-reset
  17. ///REPLACE AA:BB:CC etc with the mac address you gonna use to access the router
  18. insmod xt_mac #k2.6 module name
  19. insmod ipt_mac #k2.4 module name
  20. iptables -I INPUT -p tcp --dport 22 -m mac ! --mac-source AA:BB:CC:DD:EE:FF -j REJECT --reject-with tcp-reset
  21. iptables -I INPUT -p tcp --dport 23 -m mac ! --mac-source AA:BB:CC:DD:EE:FF -j REJECT --reject-with tcp-reset
  22. iptables -I INPUT -p tcp --dport 80 -m mac ! --mac-source AA:BB:CC:AA:BB:CC -j REJECT --reject-with tcp-reset
  23. #Web Access, DNS, VPN
  24. iptables -I FORWARD 1 -p tcp -m multiport --dports 80,443,53,501,502,55,2053,5553,5353 -j ACCEPT
  25. iptables -I FORWARD 2 -p udp -m multiport --dports 443,53,500,4500,1197,1198,55,2053,5553,5353 -j ACCEPT
  26. #Force everyone using your router to use the DNS configured in the router and override the ones configured in devices/computers.
  27. iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
  28. iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
  29. #Block access to the modem
  30. iptables -I FORWARD -d 192.168.100.1 -j DROP with tcp-reset
  31. ///Games
  32. ///Steam
  33. iptables -I FORWARD 3 -p tcp -m multiport --dports 27015:27030,27036,27037 -j ACCEPT
  34. iptables -I FORWARD 4 -p udp -m multiport --dports 27000:27030,27031,27036,4380,3478,4379,4380 -j ACCEPT
  35. ///SFV_USF4
  36. iptables -I FORWARD 5 -p tcp -m multiport --dports 3478:3480,20002,30840,30870,6881:6889 -j ACCEPT7
  37. iptables -I FORWARD 6 -p udp -m multiport --dports 3478:3479,30840:30859,30870:30879 -j ACCEPT
  38. ///Battle.net & Overwatch
  39. iptables -I FORWARD 7 -p tcp -m multiport --dports 1119,8999,1120,3724,4000,6112,6113,6114 -j ACCEPT
  40. iptables -I FORWARD 8 -p udp -m multiport --dports 5223, 5228, 4244, 5242, 5222,1119,1120,3724,4000,6112,6113,6114,6250,5062,5060,12000:64000,3478,3479 -j ACCEPT
  41. iptables -I FORWARD 9 -m state --state ESTABLISHED,RELATED -j ACCEPT
  42. iptables -I FORWARD 10 -j DROP
  43. ## Section 4
  44. -A INPUT -j LOG --log-level 7 --log-prefix "IPTABLES Dropped: "
  45. -A INPUT -j DROP
  46. ## Section 5
  47. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  48. iptables -A INPUT -m state --state NEW -i ! WAN0 -j ACCEPT