  1. #!/bin/bash
  2. #
  3. # Watch me mess this up.
  4. #
  5. # Topology ftw
  6. #
  7. # +----------+
  8. # | PC 1 +<---+
  9. # +----------+ |
  10. # | +------------------+
  11. # +----------+ | +-----------+ 192.168.0.1:eth0 | |
  12. # | PC 2 +<---+------>+ Switch +<----------------->+ Linux Firewall | +--+pr0n
  13. # +----------+ | +-----------+ (LAN) | | Ethernet +-------+ |
  14. # | | DHCP:eth2+<---------->+ Modem +<---+ISP+---+Internet+-+--+torrents
  15. # +----------+ | | (WAN) | +-------+ |
  16. # | PC 3 +<---+ +------------------+ +--+lolcatz
  17. # +----------+
  18. #
  19. # /Topolgy ftl
  20. #
  21. # Scripting ftw
  22. #
  23. # Flush tables
  24. #
  25. iptables -F
  26. iptables -t nat -F
  27. iptables -t mangle -F
  28. iptables -X
  29.  
  30. # Allow esdtablished connections
  31. iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  32. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  33.  
  34.  
  35. # Allow loopback (127.0.01) traffic
  36. iptables -A INPUT -i lo -j ACCEPT
  37. iptables -A OUTPUT -o lo -j ACCEPT
  38.  
  39. # Allow established connections, and those not coming from the outside
  40.  
  41. #
  42. # WAN emergency stop
  43.  
  44. #iptables -A INPUT -i eth2 -j DROP
  45.  
  46. # Accept DHCP requests
  47. iptables -A INPUT -i eth0 -p udp --sport 68 --dport 67 -j ACCEPT
  48.  
  49.  
  50. #
  51. #
  52. # Drops
  53. #
  54. #
  55.  
  56.  
  57. # Kazaa probes
  58. iptables -A INPUT -p tcp -m tcp --dport 1214 -j DROP
  59. iptables -A INPUT -p udp -m udp --dport 1214 -j DROP
  60.  
  61.  
  62. #
  63. #
  64. # Logs
  65. #
  66. #
  67.  
  68. # LOW/HIGH TCP/UDP CONNECTION (log'd)
  69. iptables -A INPUT -p tcp --dport 0:1023 -m state --state NEW -j LOG --log-prefix "LOW PORT TCP CONNECTION: "
  70. #iptables -A INPUT -p udp -m state --state NEW --dport 0:1023 -j LOG --log-prefix "LOW PORT UDP CONNECTION: "
  71. #iptables -A INPUT -p tcp -m state --state NEW --dport 1024:65535 -j LOG --log-prefix "HIGH PORT UDP CONNECTION: "
  72. iptables -A INPUT -p udp -m state --state NEW --dport 1024:65535 -j LOG --log-prefix "HIGH PORT UDP CONNECTION:"
  73. # IMPROPER TAG FRAME (log'd)
  74. #iptables -A INPUT -p tcp --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j LOG --log-prefix "NEW NOT SYN: "
  75.  
  76. # Log pings
  77. iptables -A INPUT -p icmp -j LOG --log-prefix "ECHO: "
  78.  
  79. #
  80. #
  81. # Accepts
  82. #
  83. #
  84.  
  85. # Accept DNS queries (hopefully)
  86. iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
  87.  
  88. # Accept ssh
  89. iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 22 -j ACCEPT
  90.  
  91. # Accept ntp
  92. iptables -A INPUT -p udp --sport 123 -j ACCEPT
  93.  
  94. # Accept BitTorrent
  95. iptables -A INPUT -p tcp --sport 43067 -j ACCEPT
  96. #iptables -A FORWARD -s 192.168.1.133 -p tcp --dport 43067:43083 -j ACCEPT
  97. iptables -A FORWARD -s 192.168.1.122 -p tcp --dport 43084:43092 -j ACCEPT
  98.  
  99.  
  100. # Set policy
  101. iptables -P INPUT DROP
  102. iptables -P FORWARD DROP
  103.  
  104. # NAT
  105. iptables -t nat -A POSTROUTING -s 192.168.1.0/25 -j MASQUERADE
  106. iptables -t nat -A PREROUTING -p tcp --dport 43067:43083 -j DNAT --to-destination 192.168.0.133
  107. iptables -t nat -A PREROUTING -p tcp --dport 43084:43092 -j DNAT --to-destination 192.168.0.122
  108.  
  109. # Ok forwarding with the system
  110. echo 1 > /proc/sys/net/ipv4/ip_forward