  # iptables-restore format: "*table" opens a table, ":CHAIN POLICY" sets a
  # built-in chain's policy, "-A/-I CHAIN ..." add rules, "COMMIT" loads the
  # table. Rule ORDER within a chain is what several rules below depend on.
  1. *nat
  2. 
  3. # Required iptables rule for eth0 masquerading (enable only if not using a vpn)
  # Rewrites the source of every forwarded packet leaving eth0, whatever its
  # origin; what may be forwarded at all is decided by the FORWARD chain in the
  # filter table below.
  4. -A POSTROUTING -o eth0 -j MASQUERADE
  5. 
  6. COMMIT
  7. 
  8. *filter
  9. # Allowing iodine (ip-over-dns) traffic (enable only if not using a vpn)
  # Tunnel clients on dns+ may forward anything out eth0 (no port restriction);
  # the tunnel is treated as fully trusted.
  10. -A FORWARD -i eth0 -o dns+ -m state --state RELATED,ESTABLISHED -j ACCEPT
  11. -A FORWARD -i dns+ -o eth0 -j ACCEPT
  12. # Make sure "accepted" packets are allowed
  # "-I" with no index inserts at position 1, so this becomes the first FORWARD
  # rule regardless of where it sits in the file.
  13. -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  14. 
  15. ###****BEGIN IPTABLES WIFI FIREWALL ****###
  # Default-deny for forwarded traffic; only the ACCEPTs below pass wlan0 -> eth0.
  # The policy line appears after rules were added, which is unconventional but
  # only sets the policy. NOTE(review): if this file is restored with
  # --counters, a "[0:0]" counter field is expected after the policy -- confirm.
  16. :FORWARD DROP
  17. #Logging
  # Logs every new TCP connection from wlan0 with no "-m limit"; a connection
  # burst can flood syslog. NOTE(review): consider the same rate limit used on
  # the next rule.
  18. -A FORWARD -i wlan0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"
  # Inserted at position 5. When this line is processed the chain already holds
  # four rules (the -I state rule, the two iodine rules, the SYN log), so this
  # lands AHEAD of every ACCEPT appended after it: new dns/http/irc/ping flows
  # are logged as "denied" before they are accepted, and the 5/min budget is
  # spent on legitimate traffic, hiding real denials. A catch-all "denied" log
  # belongs at the end of the chain -- a plain "-A FORWARD ..." after the last
  # ACCEPT, just before the DROP policy takes effect.
  19. -I FORWARD 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
  20. # dns
  # UDP only: TCP/53 (fallback for truncated replies) is not forwarded.
  # NOTE(review): with INPUT DROP below, wlan0 clients also cannot use this host
  # itself for DNS or DHCP (no INPUT accept for udp 53/67 on wlan0) -- fine if
  # those services come from elsewhere; confirm.
  21. -A FORWARD -i wlan0 -o eth0 -p udp --dport 53 -j ACCEPT
  22. # http, https
  23. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 80 -j ACCEPT
  24. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 443 -j ACCEPT
  25. # irc
  # 6667 is the conventional IRC port; 7070 and 1338 are site-specific choices.
  26. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 7070 -j ACCEPT
  27. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 1338 -j ACCEPT
  28. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 6667 -j ACCEPT
  29. # Allow PING from remote hosts.
  # Despite the heading, this lets wlan0 clients ping OUT; replies return via
  # the RELATED,ESTABLISHED rule. Inbound pings to clients are not allowed.
  30. -A FORWARD -i wlan0 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT
  31. 
  32. ###****BEGIN IPTABLES SERVER FIREWALL****###
  # Host-local traffic: default-deny inbound, unrestricted outbound.
  33. :INPUT DROP
  34. :OUTPUT ACCEPT
  35. ## Fine tune what traffic we want
  36. # Reject spoofed packets
  # No rule follows this heading -- anti-spoofing is not implemented here.
  # NOTE(review): a minimal form is dropping loopback-sourced packets that arrive
  # on a non-lo interface ("! -i lo -s 127.0.0.0/8 -j DROP"); reverse-path
  # checks for other ranges are normally left to the rp_filter sysctl.
  37. # Keep state.
  38. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  39. # Loop device.
  40. -A INPUT -i lo -j ACCEPT
  # None of the service rules below carry "-i", so each port is reachable from
  # every interface -- eth0, the wifi segment and the iodine tunnel alike.
  # NOTE(review): confirm that is intended; add "-i eth0" to any rule that is not.
  41. # http, https
  42. -A INPUT -p tcp --dport 80 -j ACCEPT
  43. -A INPUT -p tcp --dport 443 -j ACCEPT
  44. # smtp, submission
  45. -A INPUT -p tcp --dport 25 -j ACCEPT
  46. -A INPUT -p tcp --dport 587 -j ACCEPT
  47. # pop3, pop3s
  # 110 and 143 are cleartext unless the mail daemon enforces STARTTLS.
  48. -A INPUT -p tcp --dport 110 -j ACCEPT
  49. -A INPUT -p tcp --dport 995 -j ACCEPT
  50. # imap, imaps
  51. -A INPUT -p tcp --dport 143 -j ACCEPT
  52. -A INPUT -p tcp --dport 993 -j ACCEPT
  53. # ssh
  # No source restriction or rate limit; password guessing against 22 is the
  # most common noise this host will see. NOTE(review): consider "-m limit" /
  # "-m recent", or an "-s" restriction if the client set is known.
  54. -A INPUT -p tcp --dport 22 -j ACCEPT
  55. # Allow PING from remote hosts.
  56. -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  57. # ejabberd
  # Disabled services kept for reference; they stay commented out.
  58. #-A INPUT -p tcp --dport 5222 -j ACCEPT
  59. #-A INPUT -p tcp --dport 5223 -j ACCEPT
  60. #-A INPUT -p tcp --dport 5280 -j ACCEPT
  61. # ldap/ldaps
  62. #-A INPUT -p tcp --dport 389 -j ACCEPT
  63. #-A INPUT -p tcp --dport 636 -j ACCEPT
  64. # ftp.
  65. #-A INPUT -p tcp --dport 20 -j ACCEPT
  66. #-A INPUT -p tcp --dport 21 -j ACCEPT
  67. 
  68. ###EXTRA IPTABLES STUFF###
  69. 
  70. ##REQUIRED IPTABLES RULES FOR VPN AND VPN IP MASQUERADING
  # If enabled, these belong under their own "*nat" / "*filter" headers: the
  # table is fixed by the enclosing block, and iptables-restore is not expected
  # to accept "-t"/"--table" inside a rule line. NOTE(review): confirm with the
  # iptables version in use.
  71. #--table nat --append POSTROUTING --out-interface tun0 -j MASQUERADE
  72. #-t filter -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  73. #-t filter -A FORWARD -i tun0 -o eth0 -j ACCEPT
  74. 
  75. ##REQUIRED IPTABLES RULES FOR IODINE OVER VPN
  76. #-t filter -A FORWARD -i tun0 -o dns+ -m state --state RELATED,ESTABLISHED -j ACCEPT
  77. #-t filter -A FORWARD -i dns+ -o tun0 -j ACCEPT
  78. COMMIT
  79.  
  # NOTE(review): everything from here to the end repeats the ruleset above
  # (lines 1-78) minus its "*nat" header. The first rule below therefore follows
  # a COMMIT with no table open, which iptables-restore is expected to reject;
  # if this whole file is fed to iptables-restore, drop this copy (or put the
  # "*nat" line back in front of it).
  80. # Required iptables rule for eth0 masquerading (enable only if not using a vpn)
  # Rewrites the source of every forwarded packet leaving eth0, whatever its origin.
  81. -A POSTROUTING -o eth0 -j MASQUERADE
  82. 
  83. COMMIT
  84. 
  85. *filter
  86. # Allowing iodine (ip-over-dns) traffic (enable only if not using a vpn)
  # Tunnel clients on dns+ may forward anything out eth0 (no port restriction).
  87. -A FORWARD -i eth0 -o dns+ -m state --state RELATED,ESTABLISHED -j ACCEPT
  88. -A FORWARD -i dns+ -o eth0 -j ACCEPT
  89. # Make sure "accepted" packets are allowed
  # "-I" with no index inserts at position 1: this becomes the first FORWARD rule.
  90. -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  91. 
  92. ###****BEGIN IPTABLES WIFI FIREWALL ****###
  # Default-deny for forwarded traffic; only the ACCEPTs below pass wlan0 -> eth0.
  93. :FORWARD DROP
  94. #Logging
  # Unrate-limited LOG of every new TCP connection from wlan0; a connection burst
  # can flood syslog. NOTE(review): consider "-m limit" as on the next rule.
  95. -A FORWARD -i wlan0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"
  # Inserted at position 5, i.e. directly after the four rules already present
  # (state rule, two iodine rules, SYN log) and AHEAD of every ACCEPT appended
  # below. New dns/http/irc/ping flows are thus logged as "denied" before being
  # accepted and the 5/min budget is spent on legitimate traffic. A catch-all
  # "denied" log belongs at the end of the chain, appended after the last ACCEPT.
  96. -I FORWARD 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
  97. # dns
  # UDP only: TCP/53 (fallback for truncated replies) is not forwarded.
  98. -A FORWARD -i wlan0 -o eth0 -p udp --dport 53 -j ACCEPT
  99. # http, https
  100. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 80 -j ACCEPT
  101. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 443 -j ACCEPT
  102. # irc
  # 6667 is the conventional IRC port; 7070 and 1338 are site-specific choices.
  103. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 7070 -j ACCEPT
  104. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 1338 -j ACCEPT
  105. -A FORWARD -i wlan0 -o eth0 -p tcp --dport 6667 -j ACCEPT
  106. # Allow PING from remote hosts.
  # Despite the heading, this lets wlan0 clients ping OUT; replies return via
  # the RELATED,ESTABLISHED rule. Inbound pings to clients are not allowed.
  107. -A FORWARD -i wlan0 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT
  108. 
  109. ###****BEGIN IPTABLES SERVER FIREWALL****###
  # Host-local traffic: default-deny inbound, unrestricted outbound.
  110. :INPUT DROP
  111. :OUTPUT ACCEPT
  112. ## Fine tune what traffic we want
  113. # Reject spoofed packets
  # No rule follows this heading -- anti-spoofing is not implemented here.
  # NOTE(review): a minimal form is "! -i lo -s 127.0.0.0/8 -j DROP"; reverse-path
  # checks for other ranges are normally left to the rp_filter sysctl.
  114. # Keep state.
  115. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  116. # Loop device.
  117. -A INPUT -i lo -j ACCEPT
  # None of the service rules below carry "-i", so each port is reachable from
  # every interface (eth0, wlan0, dns+). NOTE(review): confirm that is intended.
  118. # http, https
  119. -A INPUT -p tcp --dport 80 -j ACCEPT
  120. -A INPUT -p tcp --dport 443 -j ACCEPT
  121. # smtp, submission
  122. -A INPUT -p tcp --dport 25 -j ACCEPT
  123. -A INPUT -p tcp --dport 587 -j ACCEPT
  124. # pop3, pop3s
  # 110 and 143 are cleartext unless the mail daemon enforces STARTTLS.
  125. -A INPUT -p tcp --dport 110 -j ACCEPT
  126. -A INPUT -p tcp --dport 995 -j ACCEPT
  127. # imap, imaps
  128. -A INPUT -p tcp --dport 143 -j ACCEPT
  129. -A INPUT -p tcp --dport 993 -j ACCEPT
  130. # ssh
  # No source restriction or rate limit on 22. NOTE(review): consider
  # "-m limit" / "-m recent", or an "-s" restriction if the client set is known.
  131. -A INPUT -p tcp --dport 22 -j ACCEPT
  132. # Allow PING from remote hosts.
  133. -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  134. # ejabberd
  # Disabled services kept for reference; they stay commented out.
  135. #-A INPUT -p tcp --dport 5222 -j ACCEPT
  136. #-A INPUT -p tcp --dport 5223 -j ACCEPT
  137. #-A INPUT -p tcp --dport 5280 -j ACCEPT
  138. # ldap/ldaps
  139. #-A INPUT -p tcp --dport 389 -j ACCEPT
  140. #-A INPUT -p tcp --dport 636 -j ACCEPT
  141. # ftp.
  142. #-A INPUT -p tcp --dport 20 -j ACCEPT
  143. #-A INPUT -p tcp --dport 21 -j ACCEPT
  144. 
  145. ###EXTRA IPTABLES STUFF###
  146. 
  147. ##REQUIRED IPTABLES RULES FOR VPN AND VPN IP MASQUERADING
  # If enabled, these belong under their own "*nat" / "*filter" headers;
  # iptables-restore is not expected to accept "-t"/"--table" inside a rule
  # line. NOTE(review): confirm with the iptables version in use.
  148. #--table nat --append POSTROUTING --out-interface tun0 -j MASQUERADE
  149. #-t filter -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  150. #-t filter -A FORWARD -i tun0 -o eth0 -j ACCEPT
  151. 
  152. ##REQUIRED IPTABLES RULES FOR IODINE OVER VPN
  153. #-t filter -A FORWARD -i tun0 -o dns+ -m state --state RELATED,ESTABLISHED -j ACCEPT
  154. #-t filter -A FORWARD -i dns+ -o tun0 -j ACCEPT
  155. COMMIT