  1. #!/bin/sh
  2. #
  3. ### BEGIN INIT INFO
  4. # Provides:          firewall
  5. # Required-Start:    $network $syslog
  6. # Required-Stop:     $network $syslog
  7. # Default-Start:     2 3 4 5
  8. # Default-Stop:      0 1 6
  9. # Short-Description: Start and stop the firewall
  10. # Description:       Controls the firewall by adding or flushing rules from iptables
  11. ### END INIT INFO
  12.  
  13. # Check if iptables is available, otherwise exit appropriately
  14. test -x /sbin/iptables || exit 5
  15.  
  16. # Help / usage description
help () {
    # Print the accepted init actions on stderr (so stdout stays clean for
    # whatever invoked the script); the text is the script's only UI.
    printf '%s\n' "Usage: /etc/init.d/firewall {start|stop|restart|reload|force-reload}" >&2
}
  20.  
  21. # Add conntrack modules if they are not loaded yet
  22. modprobe ip_conntrack
  23. modprobe ip_conntrack_ftp
  24.  
  25. # Set default policy
  26. iptables -P INPUT   DROP
  27. iptables -P FORWARD DROP
  28. iptables -P OUTPUT  ACCEPT
  29.  
  30. # Flush current firewall
  31. iptables -F
  32. iptables -X
  33. iptables -t nat -F
  34. iptables -t nat -X
  35. iptables -t mangle -F
  36. iptables -t mangle -X
  37.  
  38. # Create SSH chain
  39. iptables -N SSH
  40. iptables -A SSH -s #### -j ACCEPT
  41. # this chain is a lot longer actually
  42. iptables -A SSH -j DROP
  43.  
  44. # Drop invalid packets
  45. iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
  46.  
  47. # Allow local connections
  48. iptables -A INPUT -i lo -j ACCEPT
  49.  
  50. # Allow all established connections through
  51. iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  52.  
  53. # Allow http(s)
  54. iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
  55.  
  56. # Allow LAN connections
  57. iptables -A INPUT -i eth0 -j ACCEPT
  58.  
  59. # Allow ftp
  60. iptables -A INPUT -m helper --helper ftp -j ACCEPT
  61.  
  62. # Send ssh to the ssh chain
  63. iptables -A INPUT -p tcp -m tcp --dport ssh -j SSH
  64.  
  65. # Allow forwarding on the LAN
  66. iptables -A FORWARD -i eth0 -m conntrack --ctstate NEW -j ACCEPT
  67. iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT