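#!/bin/bash
# Host firewall: default-deny on every chain, with a short list of explicit
# exceptions — an outbound Tor SOCKS port (9050), DNS, HTTP/HTTPS, SMTP, NTP
# and Transmission. Anything else is logged (rate-limited) and dropped by the
# chain policy.
#
# Usage: run as root; rules are applied live with iptables. The commented
# iptables-restore line below is the alternative of loading a saved ruleset.
#
# NOTE(review): only IPv4 (iptables) is configured here; ip6tables is never
# touched, so IPv6 traffic is not filtered by this script — confirm IPv6 is
# disabled or filtered separately.
#iptables-restore < /etc/iptables.test.rules

# Abort on the first failing command or unset variable. Policies are set to
# DROP before anything else, so an abort at any later point fails closed
# (a policy survives a later flush of the rules).
set -eu

if (( EUID != 0 )); then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Default-deny on all chains first; everything below is an explicit exception.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Start from an empty ruleset in every table.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

## Drop XMAS and NULL scans (and other bogus TCP flag combinations).
iptables -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

# Silently drop all broadcast packets.
iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP

# Drop every packet that connection tracking considers invalid.
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP

# Allow already-established connections and inbound loopback.
# NOTE(review): only ESTABLISHED is accepted, not RELATED, so ICMP errors
# belonging to an existing flow hit the ICMP DROP below — confirm intended.
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Outbound loopback is not opened wholesale: with OUTPUT policy DROP, a local
# process can only reach 127.0.0.1 on the ports accepted below (e.g. 9050).
#iptables -A OUTPUT -o lo -j ACCEPT

# Only allow processes of the "tor" user to open connections (disabled).
#iptables -A OUTPUT -m owner --uid-owner tor -j ACCEPT

# TOR — outbound to the local SOCKS port.
#iptables -A INPUT -p tcp -m tcp --dport 9050 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 9050 -j ACCEPT

# ICMP (ping): dropped in both directions, without logging.
iptables -A INPUT -p icmp -j DROP
iptables -A OUTPUT -p icmp -j DROP

# SSH — port 666 is dropped explicitly in both directions. Unlike packets
# that fall through to the LOG rules at the end, these drops are not logged.
iptables -A INPUT -p tcp --dport 666 -j DROP
iptables -A OUTPUT -p tcp --dport 666 -j DROP

# DNS
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
#iptables -A INPUT -p tcp --dport 53 -j ACCEPT
#iptables -A INPUT -p udp --dport 53 -j ACCEPT

# HTTP
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# HTTPS
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# FTP
#iptables -A OUTPUT -p tcp --dport 20:21 -j DROP
#iptables -A INPUT -p tcp --dport 20:21 -j DROP

# Mail SMTP
#iptables -A INPUT -p tcp --dport 25 -j DROP
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
#iptables -A INPUT -p tcp --dport 587 -j DROP
#iptables -A OUTPUT -p tcp --dport 587 -j DROP

# Transmission (BitTorrent client). The rule must stay on one line: a bare
# "-j" with its target on the next line makes iptables fail and runs "ACCEPT"
# as a shell command. The INPUT rule is already covered by the generic
# ESTABLISHED accept above.
iptables -A INPUT -m state --state ESTABLISHED -p udp --dport 51413 -j ACCEPT
iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT

# Mail POP3
#iptables -A INPUT -p tcp --dport 110 -j DROP
#iptables -A OUTPUT -p tcp --dport 110 -j DROP

# Mail IMAP
#iptables -A INPUT -p tcp --dport 143 -j DROP
#iptables -A OUTPUT -p tcp --dport 143 -j DROP

# NTP (system clock)
iptables -A OUTPUT -p udp --dport 123 -j ACCEPT

# Log whatever falls through before the chain policy drops it. Rate-limited
# so a flood of unwanted packets cannot fill the log, and prefixed so entries
# can be filtered per chain. Limit values are a constructed default; tune.
log_limit=(-m limit --limit 5/min --limit-burst 10)
iptables -A INPUT "${log_limit[@]}" -j LOG --log-prefix "FW-INPUT-DROP: "
iptables -A OUTPUT "${log_limit[@]}" -j LOG --log-prefix "FW-OUTPUT-DROP: "
iptables -A FORWARD "${log_limit[@]}" -j LOG --log-prefix "FW-FORWARD-DROP: "

exit 0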