  1. #!/bin/sh
  2.  
  3. ETH0=$(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
  4.  
  5. # Flushing all rules
  6. iptables -F
  7. iptables -X
  8.  
  9. # Setting default filter policy
  10. iptables -P INPUT DROP
  11. iptables -P OUTPUT ACCEPT
  12. iptables -P FORWARD DROP
  13.  
  14. # Allow unlimited traffic on loopback
  15. iptables -A INPUT -i lo -j ACCEPT
  16. iptables -A OUTPUT -o lo -j ACCEPT
  17. iptables -A OUTPUT -o eth0 -j ACCEPT
  18.  
  19. # Allow incoming ssh only
  20. iptables -A INPUT -p tcp -s 0/0 -d ${ETH0} --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
  21. iptables -A OUTPUT -p tcp -s ${ETH0} -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT
  22.  
  23. #Allow DNS for outgoing connection
  24. iptables -A INPUT -p tcp -s 0/0 -d ${ETH0} -m state --state ESTABLISHED,RELATED -j ACCEPT
  25. iptables -A INPUT -p tcp -s 0/0 -d ${ETH0} --sport 513:65535 --dport 22 -j ACCEPT
  26.  
  27. # make sure nothing comes or goes out of this box
  28. iptables -A INPUT -j DROP