  1. #!/bin/bash
  2.  
  3. #toutes les connexion ayant pour source ou destination même le retour (INPUT et OUTPUT) seront traité en fin de ce script
  4.  
  5. #Entre VLAN1 et VLAN2
  6.  
  7. iptables -A FORWARD -i $VLAN1 -o $VLAN2 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  8. iptables -A FORWARD -i $VLAN2 -o $VLAN1 -p tcp --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
  9.  
  10. iptables -A FORWARD -i $VLAN1 -o $VLAN2 -p udp  --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  11. iptables -A FORWARD -i $VLAN2 -o $VLAN1 -p udp  --sport 67:68 -m state --state ESTABLISHED,RELATED -j ACCEPT
  12.  
  13.  
  14. iptables -A FORWARD -i $VLAN1 -o $VLAN2 -p tcp -m multiport --dport 111,646 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  15. iptables -A FORWARD -i $VLAN2 -o $VLAN1 -p tcp -m multiport --sport 111,646 -m state --state ESTABLISHED,RELATED -j ACCEPT
  16.  
  17.  
  18. iptables -A FORWARD -i $VLAN1 -o $VLAN2 -p tcp  --dport 2049 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  19. iptables -A FORWARD -i $VLAN2 -o $VLAN1 -p tcp  --sport 2049 -m state --state ESTABLISHED,RELATED -j ACCEPT
  20.  
  21.  
  22. iptables -A FORWARD -i $VLAN1 -o $VLAN2 -p tcp -m multiport --dport 199,445 -m state --state NEW,ESTABLISHED,RELATED -jACCEPT
  23. iptables -A FORWARD -i $VLAN2 -o $VLAN1 -p tcp -m multiport --dport 199,445 -m state --state NEW,ESTABLISHED,RELATED -jACCEPT
  24.  
  25. iptables -A FORWARD -i $VLAN1 -o $VLAN2 -p icmp -m state --state NEW,ESTABLISHED,RELATED -jACCEPT
  26. iptables -A FORWARD -i $VLAN2 -o $VLAN1 -p icmp -m state --state NEW,ESTABLISHED,RELATED -jACCEPT
  27.  
  28. #Entre VLAN1 et VLAN3(Internet)
  29. #Héhé grace au multiport je m'évite 4 lignes de regles en plus, le protocole etant le meme et l'etant de connexion aussi le meme autant tout mettre sur la meme ligne.
  30.  
  31. iptables -A FORWARD -i $VLAN1 -o $VLAN3 -p tcp -m multiport --dport 20,21,80,443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  32. iptables -A FORWARD -i $VLAN3 -o $VLAN1 -p tcp -m multiport --dport 20,21,80,443 -m state --state ESTABLISHED,RELATED -j ACCEPT
  33.  
  34. iptables -A FORWARD -i $VLAN1 -o $VLAN3 -p icmp -m state --state NEW,ESTABLISHED,RELATED -jACCEPT
  35. iptables -A FORWARD -i $VLAN3 -o $VLAN1 -p icmp -m state --state NEW,ESTABLISHED,RELATED -jACCEPT
  36.  
  37.  
  38. #Entre VLAN1 et DMZ
  39. #De meme le multiport m'évites une fois de plus la creation de 2 lignes supplémentaires.
  40.  
  41. iptables -A FORWARD -i $VLAN1 -o $DMZ -p tcp -m multiport --dport 22,80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  42. iptables -A FORWARD -i $DMZ -o $VLAN1 -p tcp -m multiport --sport 22,80 -m state --state ESTABLISHED,RELATED -j ACCEPT
  43.  
  44. iptables -A FORWARD -i $VLAN1 -o $DMZ -p icmp -m state --state NEW,ESTABLISHED,RELATED -jACCEPT
  45. iptables -A FORWARD -i $DMZ -o $VLAN1 -p icmp -m state --state ESTABLISHED,RELATED -jACCEPT
  46.  
  47. #Entre VLAN2 et VLAN3
  48.  
  49. iptables -A FORWARD -i $VLAN2 -o $VLAN3 -p tcp -m multiport --dport 20,21,80,443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  50. iptables -A FORWARD -i $VLAN3 -o $VLAN2 -p tcp -m multiport --dport 20,21,80,443 -m state --state ESTABLISHED,RELATED -j ACCEPT
  51.  
  52. iptables -A FORWARD -i $VLAN2 -o $VLAN3 -p icmp -m state --state NEW,ESTABLISHED,RELATED -jACCEPT
  53. iptables -A FORWARD -i $VLAN3 -o $VLAN2 -p icmp -m state --state ESTABLISHED,RELATED -jACCEPT
  54.  
  55. #Entre VLAN2 et VDMZ
  56.  
  57.  
  58. iptables -A FORWARD -i $VLAN2 -o $DMZ -p tcp  --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  59. iptables -A FORWARD -i $DMZ -o $VLAN2 -p tcp  --sport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  60.  
  61. iptables -A FORWARD -i $VLAN2 -o $DMZ -p udp  --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  62. iptables -A FORWARD -i $DMZ -o $VLAN2 -p udp  --sport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  63.  
  64. iptables -A FORWARD -i $VLAN2 -o $DMZ -p icmp -m state --state NEW,ESTABLISHED,RELATED -jACCEPT
  65. iptables -A FORWARD -i $DMZ -o $VLAN2 -p icmp -m state --state ESTABLISHED,RELATED -jACCEPT
  66.  
  67. #Entre VLAN3 et DMZ
  68.  
  69. iptables -A FORWARD -i $VLAN3 -o $DMZ -p tcp -m multiport --dport 80,443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  70. iptables -A FORWARD -i $DMZ -o $VLAN3 -p tcp -m multiport --sport 80,443 -m state --state ESTABLISHED,RELATED -j ACCEPT
  71.  
  72. iptables -A FORWARD -i $VLAN3 -o $DMZ -p icmp -m state --state ESTABLISHED,RELATED -jACCEPT
  73. iptables -A FORWARD -i $DMZ -o $VLAN3 -p icmp -m state --state NEW,ESTABLISHED,RELATED -jACCEPT
  74.  
  75. #------------------------------------
  76.  
  77. #Et mainttenant on passe au fameux INPUT et OUTPUT pour le routeur lui même !!
  78.  
  79. #------------------------------------
  80.  
  81. #Entre VLAN1 et ROUTEUR
  82.  
  83. iptables -A INPUT -i $VLAN1 -p tcp -m multiport  --dport 22 -j ACCEPT
  84. iptables -A OUTPUT -o $VLAN1 -p tcp -m multiport --sport 22 -j ACCEPT
  85.  
  86. iptables -A INPUT -i $VLAN1 -p udp -m multiport  --dport 53,67,68 -j ACCEPT
  87. iptables -A OUTPUT -o $VLAN1 -p udp -m multiport --sport 53,67,68 -j ACCEPT
  88.  
  89. iptables -A INPUT -i $VLAN1 -p icmp -j ACCEPT
  90. iptables -A OUTPUT -o $VLAN1 -p icmp -j ACCEPT
  91.  
  92. #Entre VLAN2 et ROUTEUR
  93.  
  94. iptables -A INPUT -i $VLAN2 -p udp   --dport 53 -j ACCEPT
  95. iptables -A OUTPUT -o $VLAN2 -p udp  --sport 53 -j ACCEPT
  96.  
  97. iptables -A INPUT -i $VLAN2 -p icmp -j ACCEPT
  98. iptables -A OUTPUT -o $VLAN2 -p icmp -j ACCEPT
  99.  
  100. #Entre VLAN3 et ROUTEUR
  101.  
  102. iptables -A OUTPUT -o $VLAN3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  103. iptables -A INPUT -i $VLAN3 -p tcp --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
  104.  
  105. iptables -A OUTPUT -o $VLAN3 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  106. iptables -A INPUT -i $VLAN3 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
  107.  
  108. iptables -A INPUT -i $VLAN3 -p icmp -j ACCEPT -m state --state ESTABLISHED,RELATED -j ACCEPT
  109. iptables -A OUTPUT -o $VLAN3 -p icmp -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  110.  
  111. #Entre DMZ et ROUTEUR
  112.  
  113. iptables -A OUTPUT -o $DMZ -p udp --dport 53  -j ACCEPT
  114. iptables -A INPUT -i $DMZ -p udp --sport 53  -j ACCEPT