  1. #!/bin/bash
  2. #
  3. EXT="ewangunn.com"
  4. INT="zeus"
  5. LOCAL_ALIASES="ewangunn.com zeus localhost"
  6. TCP_SERVICES="http https ssh domain 236 237 smtp 7777 3979 3128 10000 4242 16697 mysql 1022 2727 3389"
  7. UDP_SERVICES="openvpn 1195 3979"
  8. ALL="0/0"
  9. OPENVPN_DEVICES="tun0 tap0"
  10. OPENVPN_NETWORKS="10.1.0.0/24 10.1.1.0/24"
  11.  
  12. iptables -F INPUT
  13. iptables -F OUTPUT
  14. iptables -F FORWARD
  15. iptables -t nat -F PREROUTING
  16. iptables -t nat -F POSTROUTING
  17.  
  18. iptables -P INPUT DROP
  19. iptables -P OUTPUT ACCEPT
  20. iptables -P FORWARD DROP
  21.  
  22. # Allow localhost callbacks
  23. #for alias1 in $LOCAL_ALIASES
  24. #do
  25. # for alias2 in $LOCAL_ALIASES
  26. # do
  27. # iptables -A INPUT -s $alias1 -d $alias2 -j ACCEPT
  28. # done
  29. #done
  30.  
  31. # Established connections remain
  32. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  33. iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  34.  
  35. # Proxy intercept (Squid: 3128; Privoxy: 8080)
  36. for device in $OPENVPN_DEVICES
  37. do
  38. iptables -t nat -A PREROUTING -i $device -p tcp --dport http -j REDIRECT --to-port 3128
  39. done
  40.  
  41. # OpenVPN IPv4 Forwarding
  42. echo 1 > /proc/sys/net/ipv4/ip_forward
  43. for network in $OPENVPN_NETWORKS
  44. do
  45. iptables -t nat -A POSTROUTING -s $network -o eth0 -j MASQUERADE
  46. done
  47.  
  48. # Allow internal VPN requests
  49. for device in $OPENVPN_DEVICES
  50. do
  51. iptables -A INPUT -i $device -j ACCEPT
  52. iptables -A FORWARD -i $device -j ACCEPT
  53. done
  54.  
  55. # Easy incoming server connections
  56. for tcp_service in $TCP_SERVICES
  57. do
  58. iptables -A INPUT -p tcp -d $EXT --dport $tcp_service -s $ALL -m state --state NEW -j ACCEPT
  59. done
  60.  
  61. for udp_service in $UDP_SERVICES
  62. do
  63. iptables -A INPUT -p udp -d $EXT --dport $udp_service -s $ALL -m state --state NEW -j ACCEPT
  64. done
  65.  
  66. # Output rules
  67. #for tcp_service in $TCP_SERV
  68. #do
  69. #iptables -A OUTPUT -o eth0 -p tcp -d $ALL --dport $FREE_PORTS -s $EXT --sport $tcp_service -m state --state ESTABLISHED -j ACCEPT
  70. #done
  71.  
  72. #for udp_service in $UDP_SERV
  73. #do
  74. #iptables -A OUTPUT -o eth0 -p udp -d $ALL --dport $FREE_PORTS -s $EXT --sport $udp_service -m state --state ESTABLISHED -j ACCEPT
  75. #done
  76.  
  77. #iptables -A OUTPUT -o eth0 -d $VPN_NET -s $INT -j ACCEPT
  78. #iptables -A OUTPUT -p udp -s $INT --sport 53 -d $VPN_NET --dport 53 -m state --state ESTABLISHED -j ACCEPT
  79.  
  80. # List rules
  81. iptables -L
  82. iptables -L -t nat