
Untitled

a guest
May 28th, 2017
  #!/bin/bash
  #
  # Host firewall: default-deny on IPv4 and IPv6 (filter table), followed by a
  # short IPv4 allow-list: ssh from the admin host, TCP 80, TCP/UDP 8081.
  #
  # NOTE(review): run this from the console or from ipADM. Once the chains are
  # flushed under a DROP policy, only the rules added below admit traffic.
  # NOTE(review): commands are not checked for failure; a rule that fails to
  # load is skipped silently and the remaining rules are still applied.

  # Portability: absolute paths to the iptables binaries.
  PATH_IPT=/sbin/iptables
  PATH_IPT6=/sbin/ip6tables

  # Server address and admin workstation address.
  # The commented values are the alternative network kept by the author.
  ipSRV=192.168.178.29
  #ipSRV=10.126.244.13
  ipADM=192.168.178.35
  #ipADM=10.126.244.195

  # Thin wrappers so every rule below reads the same way.
  ipt4() { "$PATH_IPT" "$@"; }
  ipt6() { "$PATH_IPT6" "$@"; }

  # Drop everything by default, IPv4 first, then IPv6.
  for chain in INPUT FORWARD OUTPUT; do
    ipt4 -P "$chain" DROP
  done

  for chain in INPUT FORWARD OUTPUT; do
    ipt6 -P "$chain" DROP
  done

  # Remove existing rules and user-defined chains. Without -t this touches
  # only the filter table; nat/mangle/raw are left as they were.
  ipt4 -F
  ipt4 -X

  # IPv6 receives no ACCEPT rule anywhere in this script, so it stays fully
  # blocked, loopback (::1) included.
  ipt6 -F
  ipt6 -X

  # Admin ssh: only between the admin workstation and the server address.
  ipt4 -A INPUT -s "$ipADM" -d "$ipSRV" -p TCP --dport ssh -j ACCEPT
  ipt4 -A OUTPUT -s "$ipSRV" -d "$ipADM" -p TCP --sport ssh -j ACCEPT

  # Public services: TCP 8081 and TCP 80 from any source.
  # NOTE(review): the original heading read "enable http, https, 8081 and
  # DNS", but no rule matches TCP 443, and the only port-53 rule is outbound
  # UDP with *source* port 53 with no inbound counterpart. Confirm the intent.
  # NOTE(review): replies on OUTPUT are matched by source port only, not by
  # connection state, so any local socket bound to one of these ports may send
  # to any destination. A state match on OUTPUT would be tighter.
  ipt4 -A INPUT -p TCP --dport 8081 -j ACCEPT
  #ipt4 -A INPUT -p TCP --sport 8081 -j ACCEPT
  ipt4 -A OUTPUT -p TCP --sport 8081 -j ACCEPT
  #ipt4 -A OUTPUT -p TCP --dport 8081 -j ACCEPT
  ipt4 -A INPUT -p TCP --dport 80 -j ACCEPT
  ipt4 -A OUTPUT -p TCP --sport 80 -j ACCEPT
  ipt4 -A OUTPUT -p UDP --sport 53 -j ACCEPT

  # UDP 8081, both directions.
  ipt4 -A OUTPUT -p UDP --sport 8081 -j ACCEPT
  ipt4 -A INPUT -p UDP --dport 8081 -j ACCEPT

  # Disabled by the author: UDP 22.
  #ipt4 -A OUTPUT -p UDP --sport 22 -j ACCEPT
  #ipt4 -A INPUT -p UDP --dport 22 -j ACCEPT

  # Inbound packets that belong to, or relate to, tracked connections.
  # NOTE(review): OUTPUT has no equivalent rule and no rule for new outbound
  # connections, so traffic initiated by the host leaves only when its source
  # port matches one of the OUTPUT rules above. No rule matches the loopback
  # interface either, so local traffic on lo falls to the DROP policies unless
  # it matches a port rule. Confirm that nothing on the host depends on it.
  ipt4 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT