Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- # reset tables
- iptables -P INPUT ACCEPT
- iptables -P FORWARD ACCEPT
- iptables -P OUTPUT ACCEPT
- iptables -F
- iptables -X
- # create additional chains
- iptables -N TCP
- iptables -N UDP
- # set policies for default chains
- iptables -P FORWARD ACCEPT
- iptables -P OUTPUT ACCEPT
- iptables -P INPUT DROP
- # accept trusted devices
- iptables -A INPUT -i lo -j ACCEPT
- iptables -A INPUT -i eth0 -j ACCEPT
- ## eth1
- # drop invalid packets
- iptables -A INPUT -m state --state INVALID -j DROP
- # accept established connections
- iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- # accept ping (ICMP echo) requests
- iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW -j ACCEPT
- # add the UDP and TCP chain
- iptables -A INPUT -p udp -m state --state NEW -j UDP
- iptables -A INPUT -p tcp --syn -m state --state NEW -j TCP
- ## reject everything else
- iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreach
- iptables -A INPUT -p tcp -j REJECT --reject-with tcp-rst
- iptables -A INPUT -j REJECT --reject-with icmp-proto-unreach
- ## UDP open ports
- ## TCP open ports
- iptables -A TCP -p tcp --dport 80 -j ACCEPT # http
- iptables -A TCP -p tcp --dport 22 -j ACCEPT # ssh
- iptables -A TCP -p tcp -s 193.170.132.0/22 --dport 1111 -j ACCEPT # dhcpp
- # ip forwarding
- iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
