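#!/usr/bin/env bash
#
# "Kill switch" iptables policy for an OpenVPN client.
#
# After this script runs, the only traffic allowed on the host is:
#   - loopback,
#   - the local LAN on $local_interface,
#   - anything inside the tunnel on $virtual_interface,
#   - the VPN handshake itself on $local_interface (restricted to the
#     servers listed in $your_hostname_or_ip when that array is set).
# Everything else is dropped and (rate-limited) logged.
#
# Requires: sudo access to iptables. Edit the variables below first.
#
# NOTE: this programs iptables (IPv4) only. Nothing here touches
# ip6tables, so on a host with IPv6 connectivity traffic can still
# leave outside the tunnel; apply equivalent ip6tables policies or
# disable IPv6 on the uplink if the kill switch must be complete.
set -euo pipefail

#######################################
# Run iptables as root. A function instead of a string holding
# "sudo `which iptables`" keeps the arguments as separate words and
# drops the non-portable `which`.
# Arguments: iptables arguments, passed through unchanged
#######################################
fw() {
  sudo iptables "$@"
}

readonly local_ip_range="192.168.0.0/24"
readonly local_interface="wlp2s0"      # your local interface (usually eth0, eth1, ... - see "ifconfig" or "ip link")

# shellcheck disable=SC2034 — no rule below references it; kept for the operator's reference
readonly virtual_ip_range="10.0.0.0/8"
readonly virtual_interface="tun0"      # virtual interface the VPN goes through (see "ifconfig")

readonly vpn_connect_protocol="udp"    # protocol from your .ovpn file (udp or tcp)
readonly vpn_connect_port="1194"       # port from your .ovpn file (1194, 443, ...)

# VPN server addresses, one per element. Leave the array EMPTY (not a
# single empty string) to allow the VPN port towards any destination.
# Prefer IP addresses: iptables resolves a hostname when the rule is
# loaded, which happens after the OUTPUT policy is already DROP, so a
# resolver outside $local_ip_range would not be reachable at that point.
your_hostname_or_ip=()

#---------------------------------------------------------------
# Remove old rules and tables
#---------------------------------------------------------------
echo "Deleting all old iptables rules..."
fw -F
fw -X
fw -t nat -F
fw -t nat -X
fw -t mangle -F
fw -t mangle -X
# Set the DROP policies before any ACCEPT rule is added: if a later
# command fails, set -e aborts and the host is left closed, not open.
fw -P INPUT DROP
fw -P FORWARD DROP
fw -P OUTPUT DROP

echo "Setting up the new rules..."

#---------------------------------------------------------------
# Allow all local connections via loopback
#---------------------------------------------------------------
fw -A INPUT -i lo -j ACCEPT
fw -A OUTPUT -o lo -j ACCEPT

#---------------------------------------------------------------
# Allow Multicast for local network (disabled by default)
#---------------------------------------------------------------
#fw -A INPUT -p igmp -s "$local_ip_range" -d 224.0.0.0/4 -i "$local_interface" -j ACCEPT
#fw -A OUTPUT -p igmp -s "$local_ip_range" -d 224.0.0.0/4 -o "$local_interface" -j ACCEPT

#---------------------------------------------------------------
# UPnP uses IGMP multicast to find media servers:
# accept IGMP broadcast packets, send SSDP packets (disabled by default)
#---------------------------------------------------------------
#fw -A INPUT -p igmp -s "$local_ip_range" -d 239.0.0.0/8 -i "$local_interface" -j ACCEPT
#fw -A OUTPUT -p udp -s "$local_ip_range" -d 239.255.255.250 --dport 1900 -o "$local_interface" -j ACCEPT

#---------------------------------------------------------------
# Allow all bidirectional traffic between this host and the local
# area network
#---------------------------------------------------------------
fw -A INPUT  -s "$local_ip_range" -i "$local_interface" -j ACCEPT
fw -A OUTPUT -d "$local_ip_range" -o "$local_interface" -j ACCEPT

#---------------------------------------------------------------
# Allow all bidirectional traffic between this host and the
# virtual private network
#---------------------------------------------------------------
fw -A INPUT  -i "$virtual_interface" -j ACCEPT
fw -A OUTPUT -o "$virtual_interface" -j ACCEPT

#---------------------------------------------------------------
# VPN handshake on the physical interface, restricted to the listed
# servers when there are any
#---------------------------------------------------------------
if (( ${#your_hostname_or_ip[@]} > 0 )); then
  for server in "${your_hostname_or_ip[@]}"; do
    # An empty entry would turn "-s ''" into an iptables error; skip it.
    [[ -n "$server" ]] || continue
    fw -A INPUT  -i "$local_interface" -p "$vpn_connect_protocol" -m "$vpn_connect_protocol" \
      -s "$server" --sport "$vpn_connect_port" -j ACCEPT
    fw -A OUTPUT -o "$local_interface" -p "$vpn_connect_protocol" -m "$vpn_connect_protocol" \
      -d "$server" --dport "$vpn_connect_port" -j ACCEPT
  done
else
  # No server list: the VPN port is open towards any address. That is
  # broader than the kill switch needs, so list the servers when you can.
  fw -A INPUT  -i "$local_interface" -p "$vpn_connect_protocol" -m "$vpn_connect_protocol" \
    --sport "$vpn_connect_port" -j ACCEPT
  fw -A OUTPUT -o "$local_interface" -p "$vpn_connect_protocol" -m "$vpn_connect_protocol" \
    --dport "$vpn_connect_port" -j ACCEPT
fi

#---------------------------------------------------------------
# Log all dropped packets, debug only.
# View in /var/log/syslog or /var/log/messages
#---------------------------------------------------------------
# The chain policies are already DROP (set above), so these rules only
# add the rate-limited log line in front of the drop.
fw -N logging
fw -A INPUT -j logging
fw -A OUTPUT -j logging
fw -A logging -m limit --limit 2/min -j LOG --log-prefix "IPTables general: " --log-level 7
fw -A logging -j DROP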