Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- IPT=/sbin/iptables
- WANIF=eth0
- LANIF=eth1
- firewall_start() {
- #==================== INPUT ===================
- $IPT -A INPUT -i $WANIF -m state --state ESTABLISHED,RELATED -j ACCEPT
- $IPT -A INPUT -i $WANIF -p tcp --dport 22 -j ACCEPT
- $IPT -A INPUT -i $WANIF -p icmp -j ACCEPT
- $IPT -A INPUT -i $LANIF -j ACCEPT
- $IPT -P INPUT DROP
- #==================== NAT ===================
- $IPT -A POSTROUTING -t nat -o $WANIF -j MASQUERADE
- $IPT -A FORWARD -i $WANIF -p tcp --dport 80 -d 10.0.0.101 -j ACCEPT
- $IPT -A PREROUTING -t nat -j DNAT -i $WANIF -p tcp --dport 80 --to-destination 192.168.1.101:80
- #==================== FORWARD ===================
- $IPT -A FORWARD -i $WANIF -m state --state ESTABLISHED,RELATED -j ACCEPT
- $IPT -A FORWARD -i $LANIF -j ACCEPT
- $IPT -P FORWARD DROP
- }
- firewall_stop() {
- $IPT -F
- $IPT -t nat -F
- $IPT -P INPUT ACCEPT
- $IPT -P FORWARD ACCEPT
- }
- firewall_restart() {
- firewall_stop
- sleep 2
- firewall_start
- }
- case $1 in 'start' )
- firewall_start
- ;;
- 'stop' )
- firewall_stop
- ;;
- 'restart' )
- firewall_restart
- ;;
- *)
- echo "usage: -bash {start|stop|restart}"
- ;;
- esac
- -P INPUT DROP
- -P FORWARD DROP
- -P OUTPUT ACCEPT
- -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
- -A INPUT -i eth0 -p icmp -j ACCEPT
- -A INPUT -i eth1 -j ACCEPT
- -A FORWARD -d 10.0.0.101/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
- -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -i eth1 -j ACCEPT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
