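#!/bin/sh
# Host firewall for a small SSH/web server (IPv4, filter table only).
#
# Default policy is DROP on INPUT, OUTPUT and FORWARD; only the traffic
# listed below is accepted.  Must run as root.  Install it as an init
# script (see the notes at the end) so the rules are restored at boot.
#
# Environment overrides (both optional):
#   WAN_IF  interface on which SSH/web traffic is accepted (default: eth0)
#   IPT     iptables binary to run (default: /sbin/iptables); point it at
#           "echo" to print the rules without applying them
#
# Caveats to check before relying on this script:
#   - It configures iptables (IPv4) only.  If IPv6 is enabled on the host,
#     ip6tables keeps its own policies and none of these restrictions apply
#     to v6 traffic; mirror the rules with ip6tables or disable IPv6.
#   - OUTPUT is DROP: new outbound connections are limited to DNS, NTP,
#     ICMP and SSH.  Package updates over HTTP/HTTPS will not work unless a
#     matching OUTPUT rule is added.
#   - Inbound DNS (53/tcp and 53/udp) is accepted from any source.  Remove
#     those two rules unless this host deliberately serves DNS; an open
#     recursive resolver is an amplification-attack vector.
#   - SSH on WAN_IF is accepted from any source with no rate limiting.

set -u

WAN_IF=${WAN_IF:-eth0}
IPT=${IPT:-/sbin/iptables}
failures=0

# Run one iptables command; report (to stderr) and count any failure
# instead of silently moving on, so a rule that did not load shows up in
# the boot log rather than being discovered later as a hole.
ipt() {
  "$IPT" "$@" || {
    failures=$((failures + 1))
    printf 'iptables rule failed: %s %s\n' "$IPT" "$*" >&2
  }
}

# Start from a clean filter table: flush every chain, delete custom chains.
ipt -t filter -F
ipt -t filter -X

# Fail closed: drop everything not explicitly accepted below.
# NOTE: between this point and the ESTABLISHED rule further down, packets of
# an existing remote session are dropped; TCP retransmission normally
# covers the gap, but do not run this over an unreliable link.
ipt -P INPUT DROP
ipt -P OUTPUT DROP
ipt -P FORWARD DROP

# Drop invalid TCP flag combinations used by XMAS/NULL style scans.
ipt -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP
ipt -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
ipt -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
ipt -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

# Keep established connections (and their related flows) working in both
# directions; this is what lets replies to the accepted services leave
# despite the OUTPUT DROP policy.
ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
ipt -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# ICMP in/out, all types.  Tighten to echo-request/echo-reply plus the
# error types if the host should not answer every ICMP message.
ipt -t filter -A INPUT -p icmp -j ACCEPT
ipt -t filter -A OUTPUT -p icmp -j ACCEPT

# DNS: outbound queries, plus inbound service on 53 (see caveat above).
ipt -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
ipt -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
ipt -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
ipt -t filter -A INPUT -p udp --dport 53 -j ACCEPT

# NTP: outbound time sync only.
ipt -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT

# Loopback: local services must be able to reach each other.
ipt -t filter -A INPUT -i lo -j ACCEPT
ipt -t filter -A OUTPUT -o lo -j ACCEPT

# SSH and web on the WAN interface.
ipt -A INPUT -p tcp -i "$WAN_IF" --dport 22 -j ACCEPT
# Outbound SSH.  OUTPUT rules must match the *output* interface (-o); the
# original used -i here, which iptables rejects in the OUTPUT chain, so
# outbound SSH was never actually allowed.
ipt -A OUTPUT -p tcp -o "$WAN_IF" --dport 22 -j ACCEPT
ipt -A INPUT -p tcp -i "$WAN_IF" --dport 80 -j ACCEPT
ipt -A INPUT -p tcp -i "$WAN_IF" --dport 443 -j ACCEPT
# Extra TCP services on 4431-4435 (their purpose is not documented in the
# original; drop any that are not actually listening).
for port in 4431 4432 4433 4434 4435; do
  ipt -A INPUT -p tcp -i "$WAN_IF" --dport "$port" -j ACCEPT
done

# Exit non-zero if any rule failed so the init system records it; the rules
# that did load stay in place (still fail-closed) either way.
if [ "$failures" -ne 0 ]; then
  printf '%d iptables rule(s) failed to load\n' "$failures" >&2
  exit 1
fi
exit 0

# Installation (Debian-style SysV init, as root):
#   mv ./iptables /etc/init.d/iptables
#   chmod +x /etc/init.d/iptables
#   update-rc.d iptables defaults
# The file name must be identical in all three commands (the original notes
# mixed "iptables" and "Iptables"; paths are case-sensitive).
# Verify after the next reboot with: iptables -L -n -v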