root@debian:~# cat /etc/firewall
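#!/bin/bash
# /etc/firewall — load (default) or flush ("stop") the host firewall for
# both iptables (IPv4) and ip6tables (IPv6).
#
# Usage:  /etc/firewall        flush everything, then install DROP policies + rules
#         /etc/firewall stop   flush everything and leave every policy at ACCEPT
#
# Exit status: 0 when every firewall command succeeded, 1 if any failed
# (each failing command line is reported on stderr).

# Deliberately no `set -e`: aborting half-way through would leave the tables
# flushed with ACCEPT policies (fail-open).  Every firewall command goes
# through `run`, which records the failure and lets the script continue so
# the DROP policy is still installed.
set -u

# Table sets to manage, in order.
ipts_cmds=(iptables ip6tables)

# Set to 1 by `run` when any command fails; becomes the exit status.
failed=0

#######################################
# Run a firewall command, recording (but not aborting on) failure.
# Globals:   failed (written)
# Arguments: the command line to execute
# Outputs:   the failing command line and its status on stderr
# Returns:   the command's exit status
#######################################
run() {
  local rc=0
  "$@" || rc=$?
  if (( rc != 0 )); then
    printf 'firewall: command failed (status %d): %s\n' "$rc" "$*" >&2
    failed=1
  fi
  return "$rc"
}

#######################################
# Reset one table set: every policy to ACCEPT, flush every chain, delete all
# user-defined chains.  The nat table exists only for iptables (IPv4).
# Chains are flushed (-F) before they are deleted (-X): -X refuses to delete
# a user chain that still holds rules, so the original -X-then--F order could
# leave stale chains behind.
# Arguments: $1 - iptables or ip6tables
#######################################
flush_tables() {
  local ipt=$1
  run "$ipt" -P INPUT ACCEPT
  run "$ipt" -P FORWARD ACCEPT
  run "$ipt" -P OUTPUT ACCEPT
  run "$ipt" -t mangle -P PREROUTING ACCEPT
  run "$ipt" -t mangle -P OUTPUT ACCEPT
  run "$ipt" -F
  run "$ipt" -X
  if [[ "$ipt" == iptables ]]; then
    run "$ipt" -t nat -P PREROUTING ACCEPT
    run "$ipt" -t nat -P POSTROUTING ACCEPT
    run "$ipt" -t nat -P OUTPUT ACCEPT
    run "$ipt" -t nat -F
    run "$ipt" -t nat -X
  fi
  run "$ipt" -t mangle -F
  run "$ipt" -t mangle -X
}

#######################################
# Install the default-deny policy and the accept rules for one table set.
# Inbound: only ESTABLISHED/RELATED, loopback and NEW connections to the
# listed TCP ports; everything else is rate-limit logged and then dropped by
# the INPUT policy.  Outbound is open (OUTPUT policy ACCEPT).
# Arguments: $1 - iptables or ip6tables
#######################################
load_rules() {
  local ipt=$1

  ### Set the default policies to drop ###
  # NOTE(review): flush_tables has just set every policy to ACCEPT, so each
  # reload has a short fail-open window (permanent if the script is killed in
  # between).  Setting INPUT/FORWARD to DROP before flushing would close it,
  # at the cost of briefly dropping packets of the admin's own SSH session
  # until the ESTABLISHED rule is re-added; left unchanged, but worth deciding.
  run "$ipt" -P INPUT DROP
  run "$ipt" -P FORWARD DROP
  run "$ipt" -P OUTPUT ACCEPT

  ### Allow Established connections ###
  run "$ipt" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  run "$ipt" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  ### Accept all LOOPBACK (lo) traffic ###
  run "$ipt" -A INPUT -i lo -j ACCEPT

  ### INBOUND Rules: Allow ONLY NEW packets on these ports ###
  #run "$ipt" -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH ##
  run "$ipt" -A INPUT -p tcp --dport 51238 -m state --state NEW -j ACCEPT ## SSH ##
  run "$ipt" -A INPUT -p tcp --dport 51239 -m state --state NEW -j ACCEPT ## SSH M2G ##
  run "$ipt" -A INPUT -p tcp --dport 23432 -m state --state NEW -j ACCEPT ## SSH ##
  run "$ipt" -A INPUT -p tcp --dport 38000 -m state --state NEW -j ACCEPT ## DARKICE ##
  run "$ipt" -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT ## HTTP ##
  run "$ipt" -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT ## HTTPS ##
  #run "$ipt" -A INPUT -p tcp --dport 51236 -m state --state NEW -j ACCEPT ## SQUID ##
  # Log what falls through to the DROP policy, rate-limited so a flood cannot
  # fill the log.
  run "$ipt" -A INPUT -m limit --limit 3/second --limit-burst 3 -j LOG --log-prefix "FW_INPUT: "

  ### FORWARD Rules: Allow ONLY NEW packets on these ports ###
  # (none — the FORWARD policy is DROP, so this host does not route.)

  ### OUTBOUND Rules: Allow ONLY NEW packets on these ports ###
  # These only take effect if the OUTPUT policy above is changed to DROP;
  # with OUTPUT ACCEPT they are no-ops.
  #run "$ipt" -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT ## HTTP & Shell ##
  #run "$ipt" -A OUTPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT ## HTTPS ##
  #run "$ipt" -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT ## DNS ##
  #run "$ipt" -A OUTPUT -p udp --dport 67 -m state --state NEW -j ACCEPT ## DHCP ##
  #run "$ipt" -A OUTPUT -p tcp --dport 631 -m state --state NEW -j ACCEPT ## CUPS ##
  #run "$ipt" -A OUTPUT -p tcp --dport 587 -m state --state NEW -j ACCEPT ## EXIM4 ##

  ### Don't Allow all ICMP Traffic (optional) - IN, FORWARD and OUTPUT ###
  # NOTE(review): dropping every ICMP type also drops "fragmentation needed"
  # (type 3/4), which breaks path-MTU discovery for this host's own
  # connections; consider allowing that type if large transfers stall.
  # NOTE(review): for ip6tables nothing here accepts ICMPv6, and the INPUT
  # DROP policy then blocks neighbour discovery (types 133-136) as well, which
  # can break IPv6 on the link entirely — confirm whether IPv6 is in use and
  # add an ipv6-icmp accept rule if it is.
  if [[ "$ipt" == iptables ]]; then
    run "$ipt" -A INPUT -p icmp --icmp-type any -j DROP
    run "$ipt" -A FORWARD -p icmp --icmp-type any -j DROP
    run "$ipt" -A OUTPUT -p icmp --icmp-type any -j DROP
  fi
}

#######################################
# Entry point: flush (and unless "stop", reload) every table set.
# Globals:   ipts_cmds (read), failed (read)
# Arguments: $1 - "stop" to flush only; anything else (or nothing) loads
# Outputs:   progress messages on stdout
# Returns:   exits 0 on success, 1 if any firewall command failed
#######################################
main() {
  local action=${1-}
  local ipt
  for ipt in "${ipts_cmds[@]}"; do
    if ! command -v "$ipt" >/dev/null 2>&1; then
      printf 'firewall: %s not found, skipping\n' "$ipt" >&2
      failed=1
      continue
    fi
    if [[ "$action" != stop ]]; then
      printf '### Loading %s firewall ###' "$ipt"
    fi
    flush_tables "$ipt"
    if [[ "$action" != stop ]]; then
      load_rules "$ipt"
      printf '### Firewall %s Loaded ###\n' "$ipt"
    else
      printf '### Firewall %s flushed ###\n' "$ipt"
    fi
  done
  exit "$failed"
}

main "$@"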
root@debian:~#