  1. #!/bin/sh
  2.  
  3. # Vider les tables et règles perso
  4. /sbin/iptables -t filter -F
  5. /sbin/iptables -t filter -X
  6.  
  7. # Drop du trafic (IN/OUT/forward, scans XMAS et NULL).
  8. /sbin/iptables -P INPUT DROP
  9. /sbin/iptables -P OUTPUT DROP
  10. /sbin/iptables -P FORWARD DROP
  11. /sbin/iptables -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP
  12. /sbin/iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
  13. /sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
  14. /sbin/iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
  15.  
  16. # Ne pas casser les connexions etablies
  17. /sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  18. /sbin/iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  19.  
  20. # ICMP In/Out
  21. /sbin/iptables -t filter -A INPUT -p icmp -j ACCEPT
  22. /sbin/iptables -t filter -A OUTPUT -p icmp -j ACCEPT
  23.  
  24. # DNS In/Out
  25. /sbin/iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
  26. /sbin/iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
  27. /sbin/iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
  28. /sbin/iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
  29.  
  30. # NTP Out
  31. /sbin/iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
  32.  
  33. # Loopback In/Out
  34. /sbin/iptables -t filter -A INPUT -i lo -j ACCEPT
  35. /sbin/iptables -t filter -A OUTPUT -o lo -j ACCEPT
  36.  
  37. # Traffic ssh et web.
  38. /sbin/iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
  39. /sbin/iptables -A OUTPUT -p tcp -i eth0 --dport 22 -j ACCEPT
  40. /sbin/iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
  41. /sbin/iptables -A INPUT -p tcp -i eth0 --dport 443 -j ACCEPT
  42. /sbin/iptables -A INPUT -p tcp -i eth0 --dport 4431 -j ACCEPT
  43. /sbin/iptables -A INPUT -p tcp -i eth0 --dport 4432 -j ACCEPT
  44. /sbin/iptables -A INPUT -p tcp -i eth0 --dport 4433 -j ACCEPT
  45. /sbin/iptables -A INPUT -p tcp -i eth0 --dport 4434 -j ACCEPT
  46. /sbin/iptables -A INPUT -p tcp -i eth0 --dport 4435 -j ACCEPT
  47.  
  48. exit 0
  49.  
  50. # mv ./iptables /etc/init.d
  51. # chmod +x /etc/init.d/Iptables
  52. # update-rc.d Iptables defaults
  53. # Vérifier au prochain reboot via iptables -L