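#!/bin/sh
# Host firewall (IPv4, filter table) for a server exposing SSH, FTP and
# ejabberd (XMPP c2s on 5222, s2s on 5269, HTTP/BOSH listener on 5280).
#
# Policy: INPUT, FORWARD and OUTPUT all default to DROP; everything below is
# an explicit allow-list. Connection tracking keeps replies to permitted
# connections (and the FTP data channel, via the ftp helper) flowing without
# listing them one by one.
#
# Scope and caveats a reader should know:
#   - IPv4 only. ip6tables is not touched, so an IPv6-enabled host is NOT
#     protected by this script -- check ip6tables separately.
#   - Rules are applied to the running kernel only; they are not persisted
#     across reboots (use iptables-save or the distro's persistence tooling).
#   - Only the filter table is replaced; nat/mangle/raw are left as they are.
#   - Inbound SSH (22), FTP (21) and the three ejabberd ports are open to any
#     source address. Restricting 22 and 5280 (ejabberd's HTTP/admin listener)
#     to known source ranges, and rate-limiting new SSH connections, are left
#     to the administrator.
#
# The whole ruleset is handed to iptables-restore as one transaction. The
# previous one-command-at-a-time version set the default policy to DROP
# *before* the ESTABLISHED/RELATED accept rule existed, so a failure in
# between (or a slow remote session) left the administrator locked out with
# a half-applied ruleset. iptables-restore validates the complete set first
# and swaps it in atomically: either the old rules or the new ones are
# active, never a mixture. The resulting filter table is the same as before,
# minus one duplicate ESTABLISHED/RELATED rule that could never match.

set -eu

if [ "$(id -u)" -ne 0 ]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Conntrack helper that follows the FTP control channel so the data
# connections it negotiates are classified RELATED and admitted by the
# stateful accept rule below. nf_conntrack_ftp is the current module name;
# the kernel still answers to the historic ip_conntrack_ftp alias used by
# the original script. On kernels with the helper built in (the original
# author notes OVH images) modprobe fails harmlessly, so this is deliberately
# best-effort: warn, do not abort.
modprobe nf_conntrack_ftp 2>/dev/null \
  || printf 'warning: could not load nf_conntrack_ftp; FTP data connections may be dropped\n' >&2
# NOTE(review): kernels from 4.7 onwards no longer attach conntrack helpers
# automatically (net.netfilter.nf_conntrack_helper defaults to 0 and was
# later removed). On such kernels the FTP data channel also needs an explicit
# assignment in the raw table, e.g.
#   iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
# That rule is intentionally not added here because this script does not
# otherwise manage the raw table -- confirm against the target kernel.

iptables-restore <<'EOF'
*filter
# Default policies: deny everything not explicitly allowed below.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Keep established connections and their related flows working in both
# directions. Listed first so every later rule only has to cover the first
# packet of a new connection.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Loopback: local services talk to each other over lo.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# ICMP, all types, both directions. The original intent was ping; this also
# admits unreachables and similar control messages. No rate limit is applied.
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT

# SSH: inbound administration, outbound client use.
-A INPUT -p tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp --dport 22 -j ACCEPT

# DNS: outbound resolver queries only (TCP and UDP). Nothing inbound is
# opened; this host is not a name server.
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT

# HTTP/HTTPS: outbound only (package updates, web fetches). No web server
# is exposed by this ruleset.
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT

# FTP control channel: outbound (client) and inbound (server). Data
# connections are admitted as RELATED via the conntrack helper loaded above.
-A OUTPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT

# ejabberd: 5222 client-to-server, 5269 server-to-server, 5280 HTTP/BOSH.
# The same three ports are also allowed outbound, as in the original ruleset;
# 5269 is what this server needs to initiate s2s connections to peers.
-A INPUT -p tcp --dport 5222 -j ACCEPT
-A INPUT -p tcp --dport 5269 -j ACCEPT
-A INPUT -p tcp --dport 5280 -j ACCEPT
-A OUTPUT -p tcp --dport 5222 -j ACCEPT
-A OUTPUT -p tcp --dport 5269 -j ACCEPT
-A OUTPUT -p tcp --dport 5280 -j ACCEPT
COMMIT
EOF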