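#!/bin/sh
# iptables rule notes for a consumer router (br0 = LAN bridge, nvram(1)
# available, e.g. DD-WRT). The original paste mixed iptables-restore syntax
# ("-A INPUT ...") with shell commands; every rule is written as an `iptables`
# command here so the whole file runs as one script, in the order given.
#
# Fixes against the paste: "///" pseudo-comments turned into "#" comments,
# "-j ACCEPT7" typo, "-j DROP with tcp-reset" (not valid iptables syntax),
# stray spaces inside a multiport list, a multiport list longer than the
# 15-port limit, a deprecated "-i ! IFACE" negation, and three different MAC
# placeholders where one address was meant.

# MAC address allowed to reach the router's management ports (see the
# "Block access to the modem" block). REPLACE with the MAC of the machine you
# will use to access the router. MAC-based allow-listing is a convenience
# control, not authentication: any LAN host can spoof a MAC address.
ADMIN_MAC="AA:BB:CC:DD:EE:FF"

## Sections 1 2 4 and 5 are firewall.
# Drop all fragments
iptables -A INPUT -f -j DROP
# Drop XMAS packets
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# Drop NULL packets
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

## Section 3
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

### System rules
### Block access to the modem to everyone except one MAC address
# NOTE(review): these four rules reject every br0 host on the management
# ports, including the admin MAC allowed below, so the MAC exception never
# takes effect for br0 traffic as written. Confirm whether they should also
# carry "-m mac ! --mac-source $ADMIN_MAC".
iptables -I INPUT -i br0 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br0 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br0 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br0 -p tcp --dport https -j REJECT --reject-with tcp-reset
# The mac match module is xt_mac on 2.6 kernels and ipt_mac on 2.4; only one
# of the two names exists on a given kernel, so the other failing is expected
# and deliberately ignored.
insmod xt_mac 2>/dev/null || insmod ipt_mac 2>/dev/null || true
# Only ADMIN_MAC may reach 22/23/80. The paste used a second, different
# placeholder on the port-80 rule; one variable keeps the three consistent.
iptables -I INPUT -p tcp --dport 22 -m mac ! --mac-source "$ADMIN_MAC" -j REJECT --reject-with tcp-reset
iptables -I INPUT -p tcp --dport 23 -m mac ! --mac-source "$ADMIN_MAC" -j REJECT --reject-with tcp-reset
iptables -I INPUT -p tcp --dport 80 -m mac ! --mac-source "$ADMIN_MAC" -j REJECT --reject-with tcp-reset

# Web Access, DNS, VPN
iptables -I FORWARD 1 -p tcp -m multiport --dports 80,443,53,501,502,55,2053,5553,5353 -j ACCEPT
iptables -I FORWARD 2 -p udp -m multiport --dports 443,53,500,4500,1197,1198,55,2053,5553,5353 -j ACCEPT

# Force everyone using your router to use the DNS configured in the router and
# override the ones configured in devices/computers.
# Only plain DNS on port 53 is redirected; DNS-over-TLS (853) and
# DNS-over-HTTPS (443) are not affected by this rule.
LAN_IP="$(nvram get lan_ipaddr)"
if [ -z "$LAN_IP" ]; then
  # An empty --to-destination would make iptables fail; say why instead.
  echo "lan_ipaddr is not set in nvram; DNS redirect not installed" >&2
else
  iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to-destination "$LAN_IP"
  iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to-destination "$LAN_IP"
fi

# Block access to the modem
# DROP takes no --reject-with option (and tcp-reset would need -p tcp anyway);
# the original "-j DROP with tcp-reset" is not valid iptables syntax.
iptables -I FORWARD -d 192.168.100.1 -j DROP

### Games
### Steam
iptables -I FORWARD 3 -p tcp -m multiport --dports 27015:27030,27036,27037 -j ACCEPT
# 4380 was listed twice in the paste; once is enough.
iptables -I FORWARD 4 -p udp -m multiport --dports 27000:27030,27031,27036,4380,3478,4379 -j ACCEPT
### SFV_USF4
iptables -I FORWARD 5 -p tcp -m multiport --dports 3478:3480,20002,30840,30870,6881:6889 -j ACCEPT
iptables -I FORWARD 6 -p udp -m multiport --dports 3478:3479,30840:30859,30870:30879 -j ACCEPT
### Battle.net & Overwatch
iptables -I FORWARD 7 -p tcp -m multiport --dports 1119,8999,1120,3724,4000,6112,6113,6114 -j ACCEPT
# multiport takes at most 15 ports per rule and a range counts as two, so the
# original single UDP list (19 entries, with embedded spaces that also split
# the argument) is divided over two rules. 12000:64000 opens a very wide UDP
# range; narrow it if the game documents a smaller one.
iptables -I FORWARD 8 -p udp -m multiport --dports 5223,5228,4244,5242,5222,1119,1120,3724,4000,6112,6113,6114 -j ACCEPT
iptables -I FORWARD 9 -p udp -m multiport --dports 6250,5062,5060,12000:64000,3478,3479 -j ACCEPT
iptables -I FORWARD 10 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 11 -j DROP

## Section 4
# Rate-limited so a flood of dropped packets cannot fill the log; an
# unbounded LOG rule is itself an easy way to exhaust the router's log store.
iptables -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-level 7 --log-prefix "IPTABLES Dropped: "
iptables -A INPUT -j DROP

## Section 5
# NOTE(review): appended after the unconditional DROP of Section 4, so
# neither rule can ever match. If both sections are meant to be active,
# Section 5 belongs before Section 4. WAN0 is a placeholder for the WAN
# interface name; the "!" precedes the option in current iptables
# (the paste's "-i ! WAN0" is the deprecated form).
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i WAN0 -j ACCEPT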