Advertisement
Guest User

Untitled

a guest
Jun 7th, 2012
66
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.75 KB | None | 0 0
  1. #!/bin/bash
  2.  
  3. echo -n Aplicando Reglas de Firewall...
  4.  
  5. # Defino variables importantes
  6.  
  7. LAN=eth1
  8. WAN=eth0
  9. VNET=venet0
  10.  
  11. # Habilito forwarding de paquetes
  12. echo "1" > /proc/sys/net/ipv4/ip_forward
  13.  
  14. # Limpio reglas anteriores
  15. iptables -F
  16. iptables -X
  17. iptables -Z
  18. iptables -t nat -F
  19.  
  20. # Defini politicas por defecto
  21. iptables --policy INPUT DROP
  22. iptables --policy OUTPUT ACCEPT
  23. iptables --policy FORWARD ACCEPT
  24.  
  25. # Create a LOGDROP chain to log and drop packets
  26. iptables -N LOGDROP
  27. iptables -A LOGDROP -j LOG --log-prefix 'IPTABLES - BLOQUEADO: ' --log-level 4
  28. iptables -A LOGDROP -j DROP
  29.  
  30. # Operar en localhost sin limitaciones
  31. iptables -A INPUT -i lo -j ACCEPT
  32. iptables -A OUTPUT -o lo -j ACCEPT
  33.  
  34. # Habilito todo lo que sea LAN
  35. iptables -A INPUT -i ${LAN} -j ACCEPT
  36. iptables -A OUTPUT -o ${LAN} -j ACCEPT
  37.  
  38. # Habilito la interfaz virtual de OpenVZ
  39. iptables -A INPUT -i ${VNET} -j ACCEPT
  40. iptables -A OUTPUT -o ${VNET} -j ACCEPT
  41.  
  42. # Aplico NAT
  43. iptables --table nat -A POSTROUTING --out-interface ${WAN} -j MASQUERADE
  44. iptables -A FORWARD --in-interface ${LAN} -j ACCEPT
  45.  
  46. # - Habilitamos servicios
  47. # SSH
  48. iptables -A INPUT -i ${WAN} -p tcp --dport 22 -j ACCEPT
  49. # Ping / ICMP
  50. #iptables -A INPUT -i ${WAN} -m limit --limit 2/sec -p icmp -j ACCEPT
  51. # Apache
  52. iptables -A INPUT -i ${WAN} -p tcp --dport 80 -j ACCEPT
  53. # Transmission
  54. iptables -A INPUT -i ${WAN} -p tcp --dport 9091 -j ACCEPT
  55. # DNS
  56. iptables -A INPUT -i ${WAN} -p udp --dport 53 -j ACCEPT
  57.  
  58. # Portforwarding
  59. iptables -A PREROUTING -t nat -i ${WAN} -p tcp --dport 80 -j DNAT --to 10.1.1.101:80
  60. iptables -A FORWARD -p tcp -i ${WAN} -o ${LAN} -d 10.1.1.101 --dport 80 -j ACCEPT
  61.  
  62. # Admito todas las conexiones que yo haya iniciado
  63. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement