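#!/bin/sh
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Démarre les règles iptables
# Description: Charge la configuration du pare-feu iptables
### END INIT INFO
#
# Loads the iptables "filter" table: flush, set a default-deny policy on
# INPUT/FORWARD/OUTPUT, then add explicit ACCEPT rules per service.
# Intended to run as root from the init system. The start/stop argument is
# ignored: every invocation simply (re)loads the whole ruleset.
#
# Deliberately no `set -e`: the DROP policies are installed first, so a single
# failing rule should not abort the script half-way and leave the host more
# closed than intended. Failures are reported on stderr by rule() instead.

# Port sshd listens on. Change this one value to match sshd_config.
# NOTE: the original wrote this as a trailing "//Modifier par le port SSH" on
# the two rule lines. In sh that is NOT a comment: the words were passed to
# iptables as extra arguments, the command was rejected, and the SSH ACCEPT
# rules were never installed while INPUT was already DROP (remote lockout).
readonly SSH_PORT=5678

# rule ARGS... : run iptables with ARGS and report (but do not abort on) failure.
rule() {
  iptables "$@" || printf 'firewall: rule failed: iptables %s\n' "$*" >&2
}

# Reset the filter table (rules and user-defined chains).
rule -t filter -F
rule -t filter -X

# Default deny in every direction; everything below is an explicit allow.
rule -t filter -P INPUT DROP
rule -t filter -P FORWARD DROP
rule -t filter -P OUTPUT DROP

# Reply traffic of connections opened below, plus loopback.
rule -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
rule -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
rule -t filter -A INPUT -i lo -j ACCEPT
rule -t filter -A OUTPUT -o lo -j ACCEPT

# ICMP (ping) -- all types, unlimited; the per-second limit further down only
# applies to the FORWARD chain.
rule -t filter -A INPUT -p icmp -j ACCEPT
rule -t filter -A OUTPUT -p icmp -j ACCEPT

# SSH
rule -t filter -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
rule -t filter -A OUTPUT -p tcp --dport "$SSH_PORT" -j ACCEPT

# DNS -- outbound lookups. The INPUT rules also expose a local DNS server to
# the world; drop them if this host does not serve DNS (verify with the owner).
rule -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
rule -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
rule -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
rule -t filter -A INPUT -p udp --dport 53 -j ACCEPT

# NTP (system clock), client only.
rule -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT

# HTTP
rule -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
rule -t filter -A INPUT -p tcp --dport 80 -j ACCEPT

# HTTP CalDAV
rule -t filter -A OUTPUT -p tcp --dport 8008 -j ACCEPT
rule -t filter -A INPUT -p tcp --dport 8008 -j ACCEPT

# SinusBot
rule -t filter -A INPUT -p tcp --dport 8087 -j ACCEPT
rule -t filter -A OUTPUT -p tcp --dport 8087 -j ACCEPT
rule -t filter -A INPUT -p udp --dport 8087 -j ACCEPT
rule -t filter -A OUTPUT -p udp --dport 8087 -j ACCEPT

# Minecraft
rule -t filter -A INPUT -p tcp --dport 25565 -j ACCEPT
rule -t filter -A OUTPUT -p tcp --dport 25565 -j ACCEPT
rule -t filter -A INPUT -p udp --dport 25565 -j ACCEPT
rule -t filter -A OUTPUT -p udp --dport 25565 -j ACCEPT

# HTTPS
rule -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
rule -t filter -A INPUT -p tcp --dport 443 -j ACCEPT

# HTTPS CalDAV -- the OUTPUT rule was a copy-paste of the 8008 (plain HTTP)
# rule, so outbound 8443 was never allowed; it now matches the INPUT rule.
rule -t filter -A OUTPUT -p tcp --dport 8443 -j ACCEPT
rule -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT

# FTP control + active-mode data. Passive mode also needs the nf_conntrack_ftp
# helper loaded so the data connection is classified RELATED (not set up here).
rule -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
rule -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT

# Mail: SMTP, submission, SMTPS
rule -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
rule -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
rule -t filter -A INPUT -p tcp --dport 587 -j ACCEPT
rule -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT
rule -t filter -A INPUT -p tcp --dport 465 -j ACCEPT
rule -t filter -A OUTPUT -p tcp --dport 465 -j ACCEPT

# Mail: POP3 / POP3S
rule -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
rule -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
rule -t filter -A INPUT -p tcp --dport 995 -j ACCEPT
rule -t filter -A OUTPUT -p tcp --dport 995 -j ACCEPT

# Mail: IMAPS / IMAP
rule -t filter -A INPUT -p tcp --dport 993 -j ACCEPT
rule -t filter -A OUTPUT -p tcp --dport 993 -j ACCEPT
rule -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
rule -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT

# Anti-flood / DoS / port-scan rate limits on the FORWARD chain.
# NOTE(review): these only rate-limit forwarded traffic (routing through this
# host), not INPUT; and since FORWARD has no RELATED,ESTABLISHED rule and its
# policy is DROP, anything beyond the matched SYN/UDP/ICMP/RST packets is
# dropped. Harmless if the host does not forward packets -- confirm.
rule -A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
rule -A FORWARD -p udp -m limit --limit 1/second -j ACCEPT
rule -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
rule -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT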