  1. #!/bin/bash
  2. iptables -F
  3. iptables -X
  4. iptables -t nat -F
  5.  
  6. iptables -P INPUT DROP
  7. iptables -P OUTPUT DROP
  8. iptables -P FORWARD DROP
  9.  
  10. #autorisation ICMP
  11. iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
  12. iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
  13.  
  14. #SSH
  15. iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  16. iptables -A OUTPUT -d 192.168.1.0/24 -p tcp --sport 22 -m state --state RELATED,ESTABLISHED -j ACCEPT
  17.  
  18. #HTTPS iface
  19. iptables -A INPUT -p tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  20. iptables -A OUTPUT -p tcp --sport 443 -m state --state RELATED,ESTABLISHED -j ACCEPT
  21.  
  22. #video Salon
  23. iptables -A INPUT -s 192.168.1.50 -p tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
  24. iptables -A OUTPUT -d 192.168.1.50 -p tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  25.  
  26. #DNS
  27. iptables -A INPUT -p udp --sport 53 -m state --state RELATED,ESTABLISHED -j ACCEPT
  28. iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  29.  
  30. #HTTP iface
  31. iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8765 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  32. iptables -A OUTPUT -d 192.168.1.0/24 -p tcp --sport 8765 -m state --state RELATED,ESTABLISHED -j ACCEPT
  33.  
  34. #loopback
  35. iptables -A INPUT -i lo -j ACCEPT
  36. iptables -A OUTPUT -o lo -j ACCEPT
  37.  
  38. #samba
  39. iptables -A OUTPUT -p udp -m udp --dport 137 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  40. iptables -A OUTPUT -p udp -m udp --dport 138 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  41. iptables -A OUTPUT -p tcp -m tcp --dport 139 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  42. iptables -A OUTPUT -p tcp -m tcp --dport 445 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  43.  
  44. iptables -A INPUT -p udp -m udp --sport 137 -m state --state RELATED,ESTABLISHED -j ACCEPT
  45. iptables -A INPUT -p udp -m udp --sport 138 -m state --state RELATED,ESTABLISHED -j ACCEPT
  46. iptables -A INPUT -p tcp -m tcp --sport 139 -m state --state RELATED,ESTABLISHED -j ACCEPT
  47. iptables -A INPUT -p tcp -m tcp --sport 445 -m state --state RELATED,ESTABLISHED -j ACCEPT
  48.  
  49. #DHCP + NTP
  50. iptables -A INPUT -p udp --match multiport --dports 67,68 -j ACCEPT
  51. iptables -A OUTPUT -p udp --match multiport --dports 67,68 -j ACCEPT
  52.  
  53. iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
  54. iptables -A INPUT -p udp --sport 123 -j ACCEPT
  55.  
  56. #LOGGING
  57. iptables -N LOGGING
  58. iptables -A INPUT -j LOGGING
  59. iptables -A OUTPUT -j LOGGING
  60. iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
  61. iptables -A LOGGING -j DROP
  62.  