  1. ### Firewall/Pare-Feu Linux (merci à Alexis de - http://www.tutoriels-video.fr)
  2. ### www.leblogduhacker.fr
  3. #!/bin/sh
  4. ### BEGIN INIT INFO
  5. # Provides:          Firewall maison
  6. # Required-Start:    $local_fs $remote_fs $network $syslog
  7. # Required-Stop:     $local_fs $remote_fs $network $syslog
  8. # Default-Start:
  9. # Default-Stop:
  10. # X-Interactive:     false
  11. # Short-Description: Firewall maison
  12. ### END INIT INFO
  13. # Mise à 0
  14. iptables -t filter -F
  15. iptables -t filter -X
  16. echo "Mise à 0"
  17. # On bloque tout
  18. iptables -t filter -P INPUT DROP
  19. iptables -t filter -P FORWARD DROP
  20. iptables -t filter -P OUTPUT DROP
  21. echo "Interdiction"
  22. # Ne pas casser les connexions établies
  23. iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  24. iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  25. # Autorise le loopback (127.0.0.1)
  26. iptables -t filter -A INPUT -i lo -j ACCEPT
  27. iptables -t filter -A OUTPUT -o lo -j ACCEPT
  28. echo "Loopback"
  29. # ICMP (le ping)
  30. iptables -t filter -A INPUT -p icmp -j ACCEPT
  31. iptables -t filter -A OUTPUT -p icmp -j ACCEPT
  32. echo "Ping ok"
  33. # SSH IN/OUT
  34. iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
  35. iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT
  36. echo "SSH ok"
  37. # DNS In/Out
  38. iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
  39. iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
  40. iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
  41. iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
  42. echo "dns ok"
  43. # NTP Out
  44. iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
  45. echo "ntp ok"
  46. # HTTP + HTTPS Out
  47. iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
  48. iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
  49. # HTTP + HTTPS In
  50. iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
  51. iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
  52. iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
  53. echo "http ok"
  54. # FTP Out
  55. iptables -t filter -A OUTPUT -p tcp --dport 21 -j ACCEPT
  56. iptables -t filter -A OUTPUT -p tcp --dport 20 -j ACCEPT
  57. # FTP In
  58. # imodprobe ip_conntrack_ftp # ligne facultative avec les serveurs OVH
  59. iptables -t filter -A INPUT -p tcp --dport 20 -j ACCEPT
  60. iptables -t filter -A INPUT -p tcp --dport 21 -j ACCEPT
  61. iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  62. echo "ftp ok"
  63. # Mail SMTP:25
  64. iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
  65. iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
  66. # Mail POP3:110
  67. iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
  68. iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
  69. # Mail IMAP:143
  70. iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
  71. iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
  72. # Mail POP3S:995
  73. iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT
  74. iptables -t filter -A OUTPUT -p tcp --dport 995 -j ACCEPT
  75. echo "mail ok"
  76. # Monit
  77. iptables -t filter -A INPUT -p tcp --dport 4598 -j ACCEPT
  78. # Webmin
  79. iptables -t filter -A INPUT -p tcp --dport 10000 -j ACCEPT
  80. echo "monitoring ok"