  1. #!/bin/bash
  2. ###****BEGIN IPTABLES HOSTAPD FIREWALL****###
  3. # Ensure subnets do not match
  4. ifconfig dns0 up 172.16.0.1 netmask 255.255.255.254
  5. ifconfig dns1 up 172.16.2.1 netmask 255.255.255.252
  6. ifconfig wlan0 up 10.0.0.2 netmask 255.255.255.0
  7. # Clearing old iptables settings
  8. iptables -F
  9. iptables -t nat -F
  10. iptables -t mangle -F
  11. iptables -X
  12. iptables -t nat -X
  13. iptables -t mangle -X
  14. # Reqired iptables rule for eth0 masquerading (enable only if not using a vpn)
  15. iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
  16. # Allowing wireless traffic (enable only if not using a vpn)
  17. iptables --append FORWARD --in-interface wlan0 --out-interface eth0 -j ACCEPT
  18. # Allowing iodine (ip-over-dns) traffic (enable only if not using a vpn)
  19. iptables -t filter -A FORWARD -i eth0 -o dns+ -m state --state RELATED,ESTABLISHED -j ACCEPT
  20. iptables -t filter -A FORWARD -i dns+ -o eth0 -j ACCEPT
  21. # Make sure "accepted" packets are allowed
  22. iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  23.  
  24. ###****BEGIN IPTABLES EMAIL FIREWALL****###
  25. iptables -P INPUT DROP
  26. iptables -P FORWARD DROP
  27. iptables -P OUTPUT ACCEPT
  28. ## Fine tune what traffic we want
  29. # Keep state.
  30. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  31. # Loop device.
  32. iptables -A INPUT -i lo -j ACCEPT
  33. # http, https
  34. iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  35. iptables -A INPUT -p tcp --dport 443 -j ACCEPT
  36. # smtp, submission
  37. iptables -A INPUT -p tcp --dport 25 -j ACCEPT
  38. iptables -A INPUT -p tcp --dport 587 -j ACCEPT
  39. # pop3, pop3s
  40. iptables -A INPUT -p tcp --dport 110 -j ACCEPT
  41. iptables -A INPUT -p tcp --dport 995 -j ACCEPT
  42. # imap, imaps
  43. iptables -A INPUT -p tcp --dport 143 -j ACCEPT
  44. iptables -A INPUT -p tcp --dport 993 -j ACCEPT
  45. # ssh
  46. iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  47. # Allow PING from remote hosts.
  48. iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  49. # ejabberd
  50. #iptables -A INPUT -p tcp --dport 5222 -j ACCEPT
  51. #iptables -A INPUT -p tcp --dport 5223 -j ACCEPT
  52. #iptables -A INPUT -p tcp --dport 5280 -j ACCEPT
  53. # ldap/ldaps
  54. #iptables -A INPUT -p tcp --dport 389 -j ACCEPT
  55. #iptables -A INPUT -p tcp --dport 636 -j ACCEPT
  56. # ftp.
  57. #iptables -A INPUT -p tcp --dport 20 -j ACCEPT
  58. #iptables -A INPUT -p tcp --dport 21 -j ACCEPT