  1. #!/bin/bash
  2. # This should only need to be run once and should reset iptables to my own 'default' values.
  3.  
  4. # This will clear previous entries
  5. iptables -F
  6. ip6tables -F
  7. iptables -X
  8. ip6tables -X
  9.  
  10. # Automatically stop all communication.
  11. iptables -P INPUT DROP
  12. ip6tables -P INPUT DROP
  13. iptables -P FORWARD DROP
  14. ip6tables -P FORWARD DROP
  15. iptables -P OUTPUT DROP
  16. ip6tables -P OUTPUT DROP
  17.  
  18. # These are permaaccepted addresses.
  19. iptables -A INPUT -i lo -j ACCEPT
  20. ip6tables -A INPUT -i lo -j ACCEPT
  21. iptables -A OUTPUT -o lo -j ACCEPT
  22. ip6tables -A OUTPUT -o lo -j ACCEPT
  23.  
  24.  
  25. # These are permabanned addresses.
  26. iptables -A INPUT --source 218.65.30.43 -j RETURN
  27. iptables -A INPUT --source 153.99.182.23 -j RETURN
  28.  
  29. # Allow any established connections.
  30. iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  31. iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  32. iptables -A INPUT -s 192.168.1.11 -j ACCEPT
  33. iptables -A OUTPUT -s 192.168.1.11 -j ACCEPT
  34.  
  35. # Allow icmp connectoins
  36. iptables -A INPUT -p icmp -j ACCEPT
  37. iptables -A OUTPUT -p icmp -j ACCEPT
  38.  
  39. # Allow emerge --sync
  40. iptables -A INPUT -p TCP --dport 873 -j ACCEPT
  41. iptables -A OUTPUT -p TCP --dport 873 -j ACCEPT
  42.  
  43. # Needed emerge IP addresses
  44. iptables -A INPUT -s 200.236.31.1 -j ACCEPT
  45. iptables -A OUTPUT -s 200.236.31.1 -j ACCEPT
  46.  
  47. # Allow ssh
  48. iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
  49. #iptables -A INPUT -p tcp -s 192.168.1.0/24 --sport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
  50. #iptables -A OUTPUT -p tcp -s 192.168.1.0/24 --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
  51. #iptables -A OUTPUT -p tcp -s 192.168.1.0/24 --sport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
  52.  
  53. # Allow webserver
  54. #iptables -A INPUT -p TCP --dport http -j ACCEPT
  55. #iptables -A OUTPUT -p TCP --dport http -j ACCEPT
  56. iptables -A INPUT -p TCP --dport https --syn -m conntrack --ctstate NEW -j ACCEPT
  57. iptables -A OUTPUT -p TCP --dport https --syn -m conntrack --ctstate NEW -j ACCEPT
  58.  
  59. # Allow ftp
  60. iptables -A INPUT -p TCP -s 192.168.1.0/24 --dport ftp -j ACCEPT
  61. iptables -A OUTPUT -p TCP -s 192.168.1.0/24 --dport ftp -j ACCEPT
  62. iptables -A INPUT -p TCP -s 192.168.1.0/24 --dport sftp -j ACCEPT
  63. iptables -A OUTPUT -p TCP -s 192.168.1.0/24 --dport sftp -j ACCEPT
  64.  
  65. # DNS server
  66. iptables -A INPUT -p udp --dport 53 -j ACCEPT
  67. iptables -A INPUT -p tcp --sport 53 -j ACCEPT
  68. iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
  69. iptables -A OUTPUT -p tcp --sport 53 -j ACCEPT
  70.  
  71. # Plex server
  72. iptables -A INPUT -p tcp --dport 32400 -j ACCEPT # Plex REQUIRED server
  73. iptables -A INPUT -p udp --dport 1900 -j ACCEPT # Plex DLNA server
  74. iptables -A INPUT -p tcp --dport 3005 -j ACCEPT # Plex Home Theater companion
  75. iptables -A INPUT -p udp --dport 5353 -j ACCEPT # Bonjour/Avahi discovery
  76. iptables -A INPUT -p tcp --dport 8324 -j ACCEPT # Plex Roku companion
  77. iptables -A INPUT -p udp --dport 32410 -j ACCEPT # GDM network discovery
  78. iptables -A INPUT -p udp --dport 32412 -j ACCEPT # GDM network discovery
  79. iptables -A INPUT -p udp --dport 32413 -j ACCEPT # GDM network discovery
  80. iptables -A INPUT -p udp --dport 32414 -j ACCEPT # GDM network discovery
  81. iptables -A INPUT -p tcp --dport 32469 -j ACCEPT # Plex DLNA server
  82.  
  83. iptables -A OUTPUT -p tcp --dport 32400 -j ACCEPT # Plex REQUIRED server
  84. iptables -A OUTPUT -p udp --dport 1900 -j ACCEPT # Plex DLNA server
  85. iptables -A OUTPUT -p tcp --dport 3005 -j ACCEPT # Plex Home Theater companion
  86. iptables -A OUTPUT -p udp --dport 5353 -j ACCEPT # Bonjour/Avahi discovery
  87. iptables -A OUTPUT -p tcp --dport 8324 -j ACCEPT # Plex Roku companion
  88. iptables -A OUTPUT -p udp --dport 32410 -j ACCEPT # GDM network discovery
  89. iptables -A OUTPUT -p udp --dport 32412 -j ACCEPT # GDM network discovery
  90. iptables -A OUTPUT -p udp --dport 32413 -j ACCEPT # GDM network discovery
  91. iptables -A OUTPUT -p udp --dport 32414 -j ACCEPT # GDM network discovery
  92. iptables -A OUTPUT -p tcp --dport 32469 -j ACCEPT # Plex DLNA server
  93.  
  94. # Samba server
  95. iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 137 -j ACCEPT
  96. iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 138 -j ACCEPT
  97. iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
  98. iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
  99. iptables -A OUTPUT -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
  100.  
  101. # Speedtest ports
  102. iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  103. iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
  104.  
  105. # Restart fail2ban
  106. /etc/init.d/fail2ban stop
  107. /etc/init.d/fail2ban start