ShapeShifter499

Untitled

Jun 7th, 2013
  1. #---------------------------------------------------------------------
  2. # This file is part of iRedMail, which is an open source mail server
  3. # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu.
  4. #
  5. # iRedMail is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU General Public License as published by
  7. # the Free Software Foundation, either version 3 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # iRedMail is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU General Public License
  16. # along with iRedMail. If not, see <http://www.gnu.org/licenses/>.
  17. #---------------------------------------------------------------------
  18.  
  19. #
  20. # Sample iptables rules. It should be located at:
  21. # /etc/sysconfig/iptables
  22. #
  23. # Shipped within iRedMail project:
  24. # * http://iRedMail.googlecode.com/
  25. #
  26.  
  27. *nat
  28. # Enable masquerading: every packet leaving via eth0 gets eth0's address as
  29. # its source. No -s match, so this applies to all traffic forwarded out eth0.
  30. -A POSTROUTING -o eth0 -j MASQUERADE
  31. # NOTE(review): forwarding also needs net.ipv4.ip_forward=1, set outside this file.
  32. COMMIT
  33.  
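  34. *filter
  35. # Default policies: drop anything inbound or forwarded that no rule below
  36. # accepts; traffic originating on this host (OUTPUT) is unrestricted.
  37. :INPUT DROP [0:0]
  38. :FORWARD DROP [0:0]
  39. :OUTPUT ACCEPT [0:0]
  40.  
  41. # Enable WIFI: forward everything from wlan0 out through eth0 (no port or
  42. # protocol limit), and let the replies to those flows back in. Without the
  43. # return rule the FORWARD DROP policy discards every reply to a WiFi client.
  44. -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  45. -A FORWARD -i wlan0 -o eth0 -j ACCEPT
  46.  
  47. # Enable Iodine (IP-over-DNS). "dns+" is a wildcard: it matches every
  48. # interface whose name starts with "dns", so any tunnel client is forwarded
  49. # to eth0 with no further filtering.
  50. # NOTE(review): no INPUT rule for 53/udp is visible; if iodined on this host
  51. # is the tunnel server, new queries would hit the INPUT DROP policy; confirm.
  52. -A FORWARD -i eth0 -o dns+ -m state --state RELATED,ESTABLISHED -j ACCEPT
  53. -A FORWARD -i dns+ -o eth0 -j ACCEPT
  54.  
  55. # Keep state: accept packets belonging or related to connections already
  56. # tracked (replies to this host's own outbound traffic, ICMP errors for them).
  57. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  58.  
  59. # Loop device.
  60. -A INPUT -i lo -j ACCEPT
  61.  
  62. # http, https
  63. -A INPUT -p tcp --dport 80 -j ACCEPT
  64. -A INPUT -p tcp --dport 443 -j ACCEPT
  65.  
  66. # smtp, submission
  67. -A INPUT -p tcp --dport 25 -j ACCEPT
  68. -A INPUT -p tcp --dport 587 -j ACCEPT
  69.  
  70. # pop3, pop3s
  71. # NOTE(review): 110 (and 143 below) are the non-TLS ports; whether the mail
  72. # daemon enforces STARTTLS before login is not visible here; confirm.
  73. -A INPUT -p tcp --dport 110 -j ACCEPT
  74. -A INPUT -p tcp --dport 995 -j ACCEPT
  75.  
  76. # imap, imaps
  77. -A INPUT -p tcp --dport 143 -j ACCEPT
  78. -A INPUT -p tcp --dport 993 -j ACCEPT
  79.  
  80. # ssh: reachable from any source address.
  81. # NOTE(review): if the admin networks are known, add a -s match to narrow this.
  82. -A INPUT -p tcp --dport 22 -j ACCEPT
  83.  
  84. # Allow PING from remote hosts (echo-request only; no rate limit).
  85. -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  86.  
  87. # ejabberd
  88. #-A INPUT -p tcp --dport 5222 -j ACCEPT
  89. #-A INPUT -p tcp --dport 5223 -j ACCEPT
  90. #-A INPUT -p tcp --dport 5280 -j ACCEPT
  91.  
  92. # ldap/ldaps
  93. #-A INPUT -p tcp --dport 389 -j ACCEPT
  94. #-A INPUT -p tcp --dport 636 -j ACCEPT
  95.  
  96. # ftp.
  97. #-A INPUT -p tcp --dport 20 -j ACCEPT
  98. #-A INPUT -p tcp --dport 21 -j ACCEPT
  99.  
  100. COMMIT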