ShapeShifter499

Untitled

Jun 9th, 2013
*nat
###****BEGIN FIREWALL PRESETUP****###

# Required iptables rule for eth0 masquerading (enable only if not using a vpn)
-A POSTROUTING -o eth0 -j MASQUERADE

COMMIT

*filter
# Allowing iodine (ip-over-dns) traffic (enable only if not using a vpn)
-A FORWARD -i eth0 -o dns+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i dns+ -o eth0 -j ACCEPT
# Make sure "accepted" packets are allowed
-I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

###****BEGIN IPTABLES WIFI FIREWALL ****###
:FORWARD DROP
-A FORWARD -i wlan0 -o eth0 -j ACCEPT

###****BEGIN IPTABLES SERVER FIREWALL****###
:INPUT DROP
:OUTPUT ACCEPT
## Fine tune what traffic we want
# Reject spoofed packets
# Keep state.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Loop device.
-A INPUT -i lo -j ACCEPT
# http, https
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# smtp, submission
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
# pop3, pop3s
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
# imap, imaps
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
# ssh
-A INPUT -p tcp --dport 22 -j ACCEPT
# Allow PING from remote hosts.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# ejabberd
#-A INPUT -p tcp --dport 5222 -j ACCEPT
#-A INPUT -p tcp --dport 5223 -j ACCEPT
#-A INPUT -p tcp --dport 5280 -j ACCEPT
# ldap/ldaps
#-A INPUT -p tcp --dport 389 -j ACCEPT
#-A INPUT -p tcp --dport 636 -j ACCEPT
# ftp.
#-A INPUT -p tcp --dport 20 -j ACCEPT
#-A INPUT -p tcp --dport 21 -j ACCEPT

###EXTRA IPTABLES STUFF###

##REQUIRED IPTABLES RULES FOR VPN AND VPN IP MASQUERADING
# iptables-restore rejects -t/--table inside rule lines, so the table option is dropped here.
# The MASQUERADE rule belongs in the *nat section above, not in *filter.
#--append POSTROUTING --out-interface tun0 -j MASQUERADE
#-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#-A FORWARD -i tun0 -o eth0 -j ACCEPT

##REQUIRED IPTABLES RULES FOR IODINE OVER VPN
#-A FORWARD -i tun0 -o dns+ -m state --state RELATED,ESTABLISHED -j ACCEPT
#-A FORWARD -i dns+ -o tun0 -j ACCEPT
COMMIT