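#!/usr/bin/env bash
#
# Reset and reload the host firewall with iptables.
#
# The final policy is DROP on INPUT, OUTPUT and FORWARD; the rules below open
# only loopback, ICMP echo, DNS (client), SSH (server), FTP (client) and
# HTTP/HTTPS (client and server). Running it replaces every rule in the
# filter, nat and mangle tables. Requires root.
#
# Usage: sudo ./firewall.sh
set -euo pipefail

# iptables fails without CAP_NET_ADMIN anyway; fail early with a clear message.
if (( EUID != 0 )); then
  printf 'error: this script must be run as root\n' >&2
  exit 1
fi

# Open the policies before flushing so an in-flight session (e.g. the SSH
# session running this script) is not cut off while the tables are empty.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Flush all rules and delete user-defined chains in every table we touch.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Default deny. From here on the script is fail-closed: under `set -e` a
# failed iptables call aborts the run and leaves the host with DROP policies
# and a partial rule set, rather than silently continuing.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Loopback, both directions. Accepting only OUTPUT on lo leaves the INPUT
# side of every local connection (127.0.0.1 services, local resolvers) at
# the DROP policy.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Blocklist. Appended first, so it wins over every ACCEPT below for this
# subnet, including SSH and HTTP.
iptables -A INPUT -s 192.168.0.0/24 -j DROP

# ICMP echo: answer pings, and allow pinging out. The reply rules match only
# traffic conntrack associates with a seen request.
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# 3: DNS client. UDP only; DNS over TCP (large answers, zone transfers) is not
# opened.
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# 4: SSH server. Inbound 22 is accepted in any state; replies only for
# connections conntrack already knows.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

# 5: FTP client. Control channel to port 21, then passive data channels
# between unprivileged ports.
# NOTE(review): the third rule permits NEW outbound TCP to *any* port >= 1024,
# which is far wider than passive FTP. With the nf_conntrack_ftp helper loaded,
# a RELATED,ESTABLISHED match on the data channel would limit this to the
# connections the FTP control session actually announced.
iptables -A OUTPUT -p tcp --sport 1024: --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 21 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT

# 6.1: HTTP/HTTPS client. multiport's options are --dports/--sports.
iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --sports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT

# 6.2: HTTP/HTTPS server.
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --sports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT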