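#!/bin/bash
#
# Firewall / NAT gateway rules for a multi-homed host (iptables, IPv4 only).
#
# Interfaces:
#   LAN  (eth1)   internal network; trusted, NATed out through WAN
#   WAN  (eth0)   untrusted uplink; only the services listed below are exposed
#   VNET (venet0) OpenVZ virtual interface; containers are treated as trusted
#
# Must run as root. Re-running is safe: every table we touch is flushed first.
#
# NOTE(review): only iptables (IPv4) is configured. If IPv6 is enabled on the
# WAN interface, ip6tables needs an equivalent policy or every listening
# service is reachable over v6 unfiltered.

set -euo pipefail

if [[ "${EUID}" -ne 0 ]]; then
  printf 'This script must run as root\n' >&2
  exit 1
fi

printf '%s' 'Aplicando Reglas de Firewall...'

# Interfaces (see header).
readonly LAN=eth1
readonly WAN=eth0
readonly VNET=venet0
# Internal web server that receives WAN port 80 via DNAT (see "Port forwarding").
readonly WEB_DNAT_HOST=10.1.1.101

# Route between the interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Start from a clean slate in both tables we use. The nat table's user
# chains are deleted too (previously only flushed), so a stale chain cannot
# survive a re-run.
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X

# Default policies. INPUT and FORWARD both drop: this host routes between
# WAN, LAN and the containers, and a FORWARD ACCEPT policy would forward any
# WAN packet to a LAN or container address the uplink can route to. Forwarded
# traffic is now allowed only by the explicit rules below. If containers
# expose services on public addresses, add a FORWARD rule for each one.
iptables --policy INPUT DROP
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD DROP

# LOGDROP: log, then drop. The LOG rule is rate-limited so a flood of
# blocked packets cannot fill syslog / the disk.
iptables -N LOGDROP
iptables -A LOGDROP -m limit --limit 5/min --limit-burst 10 \
  -j LOG --log-prefix 'IPTABLES - BLOQUEADO: ' --log-level 4
iptables -A LOGDROP -j DROP

# Loopback is unrestricted.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Replies to connections started by this host or by a NATed client. Placed
# before the per-service rules so the common case matches early, and so an
# SSH session running this script keeps working while the rest loads.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot classify (bogus TCP flags, out-of-window) are
# dropped rather than evaluated against the service rules.
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP

# Everything from the LAN is trusted, both toward this host and through it.
iptables -A INPUT -i "${LAN}" -j ACCEPT
iptables -A OUTPUT -o "${LAN}" -j ACCEPT
iptables -A FORWARD -i "${LAN}" -j ACCEPT

# OpenVZ containers are trusted toward the host and may be routed out.
# NOTE(review): this gives every container access to every service on the
# host; tighten if the containers are not all under the same administrative
# control.
iptables -A INPUT -i "${VNET}" -j ACCEPT
iptables -A OUTPUT -o "${VNET}" -j ACCEPT
iptables -A FORWARD -i "${VNET}" -j ACCEPT

# NAT: everything leaving through WAN (LAN clients and containers) is
# masqueraded behind the WAN address.
iptables -t nat -A POSTROUTING -o "${WAN}" -j MASQUERADE

# --- Services exposed on the WAN side -------------------------------------

# SSH
# NOTE(review): reachable from the whole Internet with no rate limit;
# consider `-m recent`/`-m hashlimit` on new connections, or key-only
# authentication in sshd_config, to blunt password brute-forcing.
iptables -A INPUT -i "${WAN}" -p tcp --dport 22 -j ACCEPT

# Ping / ICMP (kept disabled, as in the original). Dropping all ICMP on WAN
# also drops "fragmentation needed" messages and breaks path-MTU discovery;
# if that is a problem, allow at least those with a rule like the one below.
#iptables -A INPUT -i "${WAN}" -m limit --limit 2/sec -p icmp -j ACCEPT

# Apache
# NOTE(review): the PREROUTING DNAT in "Port forwarding" rewrites every
# WAN:80 packet to ${WEB_DNAT_HOST} before the routing decision, so unless
# that address belongs to this host, this rule never matches and the local
# Apache is not reachable from WAN. Keep only one of the two.
iptables -A INPUT -i "${WAN}" -p tcp --dport 80 -j ACCEPT

# Transmission (RPC / web UI)
# NOTE(review): this exposes the management interface to the Internet; make
# sure rpc-authentication-required and an rpc-whitelist are set in
# Transmission's settings, or restrict this rule to known source addresses.
iptables -A INPUT -i "${WAN}" -p tcp --dport 9091 -j ACCEPT

# DNS (UDP only, as in the original; authoritative servers usually also
# need TCP 53 for large responses and zone transfers).
# NOTE(review): if the resolver answers recursive queries for anyone, this
# makes it an open resolver usable for DNS amplification. Serve recursion to
# LAN/VNET only, or restrict this rule to the clients that need it.
iptables -A INPUT -i "${WAN}" -p udp --dport 53 -j ACCEPT

# --- Port forwarding -------------------------------------------------------
# WAN:80 -> internal web server. The FORWARD rule is required now that the
# FORWARD policy is DROP; it allows only the DNATed destination and port.
iptables -t nat -A PREROUTING -i "${WAN}" -p tcp --dport 80 \
  -j DNAT --to-destination "${WEB_DNAT_HOST}:80"
iptables -A FORWARD -i "${WAN}" -o "${LAN}" -p tcp \
  -d "${WEB_DNAT_HOST}" --dport 80 -j ACCEPT

# Whatever reaches the end of INPUT / FORWARD is logged and dropped. (The
# LOGDROP chain was previously defined but never referenced, so blocked
# packets fell through to the policy and were dropped silently.)
iptables -A INPUT -j LOGDROP
iptables -A FORWARD -j LOGDROP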