Advertisement
synthnassizer

fg_fw

Jul 31st, 2015
210
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.93 KB | None | 0 0
  1. root@debian:~# cat /etc/firewall
  2. #!/bin/bash
  3.  
  4. ipts_cmds="iptables ip6tables"
  5.  
  6. for ipt_cmd in ${ipts_cmds} ; do
  7.  
  8. if [ "$1" != "stop" ]; then
  9. echo -n "### Loading ${ipt_cmd} firewall ###"
  10. fi
  11.  
  12. ###############################################################
  13. ### Remove all previous rules, and delete any user defined chains ###
  14. ${ipt_cmd} -P INPUT ACCEPT
  15. ${ipt_cmd} -P FORWARD ACCEPT
  16. ${ipt_cmd} -P OUTPUT ACCEPT
  17. ${ipt_cmd} -t mangle -P PREROUTING ACCEPT
  18. ${ipt_cmd} -t mangle -P OUTPUT ACCEPT
  19.  
  20. ${ipt_cmd} -X
  21. ${ipt_cmd} -F
  22.  
  23. if [ "${ipt_cmd}" == iptables ] ; then
  24. ${ipt_cmd} -t nat -P PREROUTING ACCEPT
  25. ${ipt_cmd} -t nat -P POSTROUTING ACCEPT
  26. ${ipt_cmd} -t nat -P OUTPUT ACCEPT
  27.  
  28. ${ipt_cmd} -t nat -X
  29. ${ipt_cmd} -t nat -F
  30. fi
  31.  
  32. ${ipt_cmd} -t mangle -X
  33. ${ipt_cmd} -t mangle -F
  34.  
  35. if [ "$1" != "stop" ]; then
  36.  
  37. ###############################################################
  38. ### Set the default policies to drop ###
  39. ${ipt_cmd} -P INPUT DROP
  40. ${ipt_cmd} -P FORWARD DROP
  41. ${ipt_cmd} -P OUTPUT ACCEPT
  42.  
  43. ###############################################################
  44. ### Allow Established connections ###
  45. ${ipt_cmd} -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  46. ${ipt_cmd} -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  47.  
  48. ###############################################################
  49. ### Accept all LOOPBACK (lo) traffic ###
  50. ${ipt_cmd} -A INPUT -i lo -j ACCEPT
  51.  
  52.  
  53. ###############################################################
  54. ### INBOUND Rules: Allow ONLY NEW packets on these ports ###.
  55. #${ipt_cmd} -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## SSH ##
  56. ${ipt_cmd} -A INPUT -p tcp --dport 51238 -m state --state NEW -j ACCEPT ## SSH ##
  57. ${ipt_cmd} -A INPUT -p tcp --dport 51239 -m state --state NEW -j ACCEPT ## SSH M2G ##
  58. ${ipt_cmd} -A INPUT -p tcp --dport 23432 -m state --state NEW -j ACCEPT ## SSH ##
  59. ${ipt_cmd} -A INPUT -p tcp --dport 38000 -m state --state NEW -j ACCEPT ## DARKICE ##
  60. ${ipt_cmd} -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT ## HTTP ##
  61. ${ipt_cmd} -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT ## HTTPS ##
  62. #${ipt_cmd} -A INPUT -p tcp --dport 51236 -m state --state NEW -j ACCEPT ## SQUID ##
  63. ${ipt_cmd} -A INPUT -m limit --limit 3/second --limit-burst 3 -j LOG --log-prefix "FW_INPUT: "
  64.  
  65. ###############################################################
  66. ### FORWARD Rules: Allow ONLY NEW packets on these ports ###.
  67.  
  68. ###############################################################
  69. ### OUTBOUND Rules: Allow ONLY NEW packets on these ports ###.
  70. ###############################################################
  71. ### OUTBOUND Rules: Allow ONLY NEW packets on these ports ###.
  72. #${ipt_cmd} -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT ## HTTP & Shell ##
  73. #${ipt_cmd} -A OUTPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT ## HTTPS ##
  74. #${ipt_cmd} -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT ## DNS ##
  75. #${ipt_cmd} -A OUTPUT -p udp --dport 67 -m state --state NEW -j ACCEPT ## DHCP ##
  76. #${ipt_cmd} -A OUTPUT -p tcp --dport 631 -m state --state NEW -j ACCEPT ## CUPS ##
  77. #${ipt_cmd} -A OUTPUT -p tcp --dport 587 -m state --state NEW -j ACCEPT ## EXIM4 ##
  78.  
  79. ###############################################################
  80. ### Don't Allow all ICMP Traffic (optional) - IN, FORWARD and OUTPUT ###
  81. if [ "${ipt_cmd}" == iptables ] ; then
  82. ${ipt_cmd} -A INPUT -p icmp --icmp-type any -j DROP
  83. ${ipt_cmd} -A FORWARD -p icmp --icmp-type any -j DROP
  84. ${ipt_cmd} -A OUTPUT -p icmp --icmp-type any -j DROP
  85. fi
  86.  
  87. ###############################################################
  88. echo "### Firewall ${ipt_cmd} Loaded ###"
  89.  
  90. else
  91. echo "### Firewall ${ipt_cmd} flushed ###"
  92. fi
  93.  
  94. done
  95.  
  96. exit 0
  97. root@debian:~#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement