  1. #!/bin/bash
  2. #
  3. EXT="my.domain.name"
  4. INT="my.hostname"
  5. LOCAL_ALIASES="my.domain.name my.hostname localhost"
  6. TCP_SERVICES="http https ssh domain 236 237 smtp 7777 3979 3128 10000 4242 16697 mysql 1022 2727 3389"
  7. UDP_SERVICES="openvpn 1195 3979"
  8. ALL="0/0"
  9. OPENVPN_DEVICES="tun0 tap0"
  10. OPENVPN_NETWORKS="10.1.0.0/24 10.1.1.0/24"
  11.  
  12. iptables -F INPUT
  13. iptables -F OUTPUT
  14. iptables -F FORWARD
  15. iptables -t nat -F PREROUTING
  16. iptables -t nat -F POSTROUTING
  17.  
  18. iptables -P INPUT DROP
  19. iptables -P OUTPUT ACCEPT
  20. iptables -P FORWARD DROP
  21.  
  22. # Allow localhost callbacks
  23. #for alias1 in $LOCAL_ALIASES
  24. #do
  25. # for alias2 in $LOCAL_ALIASES
  26. # do
  27. # iptables -A INPUT -s $alias1 -d $alias2 -j ACCEPT
  28. # done
  29. #done
  30.  
  31. # Established connections remain
  32. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  33. iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  34.  
  35. # Proxy intercept (Squid: 3128; Privoxy: 8080)
  36. for device in $OPENVPN_DEVICES
  37. do
  38. iptables -t nat -A PREROUTING -i $device -p tcp --dport http -j REDIRECT --to-port 3128
  39. done
  40.  
  41. # IPv4 Forwarding
  42. echo 1 > /proc/sys/net/ipv4/ip_forward
  43.  
  44. for network in $OPENVPN_NETWORKS
  45. do
  46. iptables -t nat -A POSTROUTING -s $network -o eth0 -j MASQUERADE
  47. done
  48.  
  49. # Allow internal VPN requests
  50. for device in $OPENVPN_DEVICES
  51. do
  52. iptables -A INPUT -i $device -j ACCEPT
  53. iptables -A FORWARD -i $device -j ACCEPT
  54. done
  55.  
  56. # Easy incoming server connections
  57. for tcp_service in $TCP_SERVICES
  58. do
  59. iptables -A INPUT -p tcp -d $EXT --dport $tcp_service -s $ALL -m state --state NEW -j ACCEPT
  60. done
  61.  
  62. for udp_service in $UDP_SERVICES
  63. do
  64. iptables -A INPUT -p udp -d $EXT --dport $udp_service -s $ALL -m state --state NEW -j ACCEPT
  65. done
  66.  
  67. # Output rules
  68. #for tcp_service in $TCP_SERV
  69. #do
  70. #iptables -A OUTPUT -o eth0 -p tcp -d $ALL --dport $FREE_PORTS -s $EXT --sport $tcp_service -m state --state ESTABLISHED -j ACCEPT
  71. #done
  72.  
  73. #for udp_service in $UDP_SERV
  74. #do
  75. #iptables -A OUTPUT -o eth0 -p udp -d $ALL --dport $FREE_PORTS -s $EXT --sport $udp_service -m state --state ESTABLISHED -j ACCEPT
  76. #done
  77.  
  78. #iptables -A OUTPUT -o eth0 -d $VPN_NET -s $INT -j ACCEPT
  79. #iptables -A OUTPUT -p udp -s $INT --sport 53 -d $VPN_NET --dport 53 -m state --state ESTABLISHED -j ACCEPT
  80.  
  81. # List rules
  82. iptables -L
  83. iptables -L -t nat