#!/bin/bash
#
# Per-account source NAT.
#
# Traffic generated locally by the accounts ip1..ip5 is tagged with a firewall
# mark in mangle/OUTPUT and then rewritten in nat/POSTROUTING so that each
# account leaves the host from its own source address.
#
# NOTE(review): every chain policy below is ACCEPT and this script adds no
# DROP or REJECT rule, so the INPUT "accept" rules document intent but do not
# filter anything. If filtering is wanted, the INPUT policy has to become
# DROP after the accept rules are in place.
# NOTE(review): only IPv4 (iptables) is handled; ip6tables is never called.

IPT="/sbin/iptables"

# Source addresses used for SNAT. Account ipN maps to IP(N-1).
# IP0 is an RFC 1918 address and IP1..IP4 lie inside 100.64.0.0/10
# (RFC 6598 shared address space), so none of them is publicly routable.
IP0="192.168.0.105"
IP1="100.79.63.83"
IP2="100.104.201.120"
IP3="100.105.168.243"
IP4="100.113.182.153"

snat_sources=("$IP0" "$IP1" "$IP2" "$IP3" "$IP4")

# Start from an empty ruleset: flush all rules (-F), then delete the
# user-defined chains (-X), in the filter, nat and mangle tables.
for op in -F -X; do
  "$IPT" "$op"
  for tbl in nat mangle; do
    "$IPT" "$op" -t "$tbl"
  done
done

# Default policies (see the review note at the top of the file).
for chain in INPUT FORWARD OUTPUT; do
  "$IPT" -P "$chain" ACCEPT
done

# Mark packets by owning account: ipN -> mark 0xN.
# The owner match applies to locally generated packets, hence OUTPUT.
for ((n = 1; n <= ${#snat_sources[@]}; n++)); do
  "$IPT" -t mangle -A OUTPUT -m owner --uid-owner "ip${n}" \
    -j MARK --set-mark "0x${n}"
done

# Accept all traffic through the loopback interface.
"$IPT" -A INPUT -i lo -j ACCEPT

# Accept traffic belonging to established connections.
"$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Accept selected ICMP types:
# 3 = destination unreachable, 8 = echo request, 12 = parameter problem.
for icmp_type in 3 8 12; do
  "$IPT" -A INPUT -p icmp --icmp-type "$icmp_type" -j ACCEPT
done

# Accept new SSH connections.
# NOTE(review): 22101-22104 are presumably extra sshd listeners; confirm.
for ssh_port in 22 22101 22102 22103 22104; do
  "$IPT" -A INPUT -p tcp -m conntrack --ctstate NEW \
    --dport "$ssh_port" -j ACCEPT
done

# Source-address translation: mark 0xN leaves with the N-th entry of
# snat_sources (array index N-1).
for ((n = 1; n <= ${#snat_sources[@]}; n++)); do
  "$IPT" -t nat -A POSTROUTING -m mark --mark "0x${n}" \
    -j SNAT --to-source "${snat_sources[n - 1]}"
done