Cool 'n Simple IPTables Firewall Script - see the FIXME

#1, 04-20-2005, Coenraad Loubser
Cool 'n Simple IPTables Firewall Script - see the FIXME

#!/bin/bash

# this is your wan interface
inet=ppp0

echo Flushing tables...
iptables -t nat -F
iptables -F

echo Activating Firewall...
/sbin/iptables -N block
# replies to connections we already know about are always fine
/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# new connections are fine as long as they did not come in on the wan
# ("! -i" is the current syntax; the old "-i !" form is deprecated)
/sbin/iptables -A block -m state --state NEW ! -i $inet -j ACCEPT
# everything else gets logged and dropped
/sbin/iptables -A block -j LOG
/sbin/iptables -A block -j DROP
/sbin/iptables -A INPUT -j block
/sbin/iptables -A FORWARD -j block

echo Enabling IP Forwarding...
echo "1" > /proc/sys/net/ipv4/ip_forward

# (a rule appended to block here lands after the LOG/DROP rules and is never
# reached; it would have to go in with -I block)
#friendlynet=xx.xx.xx.xx/32
#echo Allowing $friendlynet full incoming access...
#/sbin/iptables -A block -s $friendlynet -j ACCEPT

allowport=80
#echo Allowing incoming connections on port $allowport...
#/sbin/iptables *** -FIXME ***

echo Activating Masquerading...
iptables -t nat -A POSTROUTING -o $inet -j MASQUERADE

echo Activating Transparent Proxying...
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
#iptables -t nat -A PREROUTING -i $inet -p udp --dport $ports -j DNAT --to-destination $dest

#ports=666:668
#dest=192.168.0.95
#
#echo Forwarding ports $ports to $dest...
#iptables -t nat -A PREROUTING -i $inet -p udp --dport $ports -j DNAT --to-destination $dest
#iptables -A FORWARD -p udp -i $inet --dport $ports -d $dest -j ACCEPT
#
#ports=27001
#dest=192.168.0.95
#
#echo Forwarding ports $ports to $dest...
#iptables -t nat -A PREROUTING -i $inet -p udp --dport $ports -j DNAT --to-destination $dest
#iptables -A FORWARD -p udp -i $inet --dport $ports -d $dest -j ACCEPT

ports=27001
dest=192.168.0.4

echo Forwarding udp ports $ports to $dest...
iptables -t nat -A PREROUTING -i $inet -p udp --dport $ports -j DNAT --to-destination $dest
# the rewritten packets still pass through FORWARD, where the block chain
# drops anything NEW from $inet, so accept them ahead of that jump
iptables -I FORWARD -p udp -i $inet --dport $ports -d $dest -j ACCEPT
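The block chain above ends in a bare `-j LOG`, so every packet it drops shows up in the kernel log in the usual netfilter `IN=... SRC=... DPT=...` form. Reading those lines is how you find out what the firewall is actually turning away (a host walking through your ports, a service you forgot to open). The following is an added example, not part of the thread: a small POSIX sh/awk summariser over a few constructed log lines in that format. The sample lines, the `gw` hostname and the addresses are made up for the demonstration.

```shell
#!/bin/sh
# Summarise what an iptables "-j LOG" rule reports. The lines below are
# constructed samples in the kernel netfilter LOG format, not a real capture.
SAMPLE_LOG='Apr 20 10:01:02 gw kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 20 10:01:03 gw kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=2 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 20 10:01:04 gw kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=UDP SPT=5353 DPT=5353 LEN=20
Apr 20 10:01:05 gw kernel: IN=ppp0 OUT=br0 SRC=203.0.113.7 DST=192.168.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4 DF PROTO=TCP SPT=40002 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0'

# Read LOG lines on stdin and print "SRC PROTO DPT count" per distinct
# tuple, most frequent first. Only the KEY=VALUE tokens are looked at, so
# the syslog prefix and any --log-prefix text are ignored.
summarise_drops() {
  awk '{
    src = ""; proto = ""; dpt = ""
    for (i = 1; i <= NF; i++) {
      split($i, kv, "=")
      if (kv[1] == "SRC") src = kv[2]
      else if (kv[1] == "PROTO") proto = kv[2]
      else if (kv[1] == "DPT") dpt = kv[2]
    }
    if (src != "") count[src " " proto " " dpt]++
  }
  END { for (k in count) print k, count[k] }' | sort -k4,4nr -k1,1
}

# How many logged packets came from one source address.
count_from_src() {
  printf '%s\n' "$SAMPLE_LOG" | grep -c "SRC=$1 "
}

# How many distinct (protocol, port) pairs one source touched; a high
# number from a single address is the signature of a port sweep.
distinct_ports_from_src() {
  printf '%s\n' "$SAMPLE_LOG" | summarise_drops |
    awk -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# Number of distinct tuples in the whole sample.
tuple_count() {
  printf '%s\n' "$SAMPLE_LOG" | summarise_drops | awk 'END { print NR }'
}

printf '%s\n' "$SAMPLE_LOG" | summarise_drops
```

On a real box you would feed it `grep 'IN=' /var/log/kern.log` (or the journal) instead of the sample variable; giving the LOG rule a `--log-prefix` makes the grep more selective.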

#2, 04-21-2005, Coenraad Loubser
Cool 'n Simple ADSL fw+pf+nat script v2

Hey, it may not be the most elegant solution, but it works!

This is for a server connected via adsl, acting as a gateway, webserver,
mailserver, proxy, nat firewall.

#!/bin/bash
# this is your wan interface
inet=ppp0

echo Flushing tables...
iptables -t nat -F
iptables -F

echo Activating Firewall...
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# new connections from anywhere but the wan
# ("! -i" is the current syntax; the old "-i !" form is deprecated)
iptables -A block -m state --state NEW ! -i $inet -j ACCEPT

allowin=80
echo Allowing port $allowin tcp incoming access...
iptables -A block -p tcp -i $inet --dport $allowin -j ACCEPT
#iptables -A block -p udp -i $inet --dport $allowin -j ACCEPT

allowin=443
echo Allowing port $allowin tcp incoming access...
iptables -A block -p tcp -i $inet --dport $allowin -j ACCEPT
#iptables -A block -p udp -i $inet --dport $allowin -j ACCEPT

allowin=22
echo Allowing port $allowin tcp incoming access...
iptables -A block -p tcp -i $inet --dport $allowin -j ACCEPT
#iptables -A block -p udp -i $inet --dport $allowin -j ACCEPT

#friendlynet=xx.xx.xx.xx/32
#echo Allowing $friendlynet full incoming access... [untested]
#/sbin/iptables -A block -s $friendlynet -j ACCEPT

#iptables -A block -j LOG

# anything else that came in on the wan is dropped; wan-side packets that
# are neither NEW nor ESTABLISHED fall through to the chain policy
iptables -A block -i $inet -j DROP

iptables -A INPUT -j block
iptables -A FORWARD -j block

# Allow self access by loopback interface
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT

echo Enabling IP Forwarding...
echo "1" > /proc/sys/net/ipv4/ip_forward

echo Activating Masquerading...
iptables -t nat -A POSTROUTING -o $inet -j MASQUERADE
echo Activating Transparent Proxying...
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-ports 3128

# port forwarding templates; the FORWARD accept has to go in ahead of the
# "-A FORWARD -j block" rule above (use -I FORWARD), otherwise the block
# chain drops the new connection before the accept rule is reached
#iptables -t nat -A PREROUTING -i $inet -p udp --dport $ports -j DNAT --to-destination $dest
#iptables -A FORWARD -p udp -i $inet --dport $ports -d $dest -j ACCEPT

#ports=666:668
#dest=192.168.0.95
#
#echo Forwarding ports $ports to $dest...
#iptables -t nat -A PREROUTING -i $inet -p udp --dport $ports -j DNAT --to-destination $dest
#iptables -A FORWARD -p udp -i $inet --dport $ports -d $dest -j ACCEPT
#
#ports=27001
#dest=192.168.0.95
#
#echo Forwarding ports $ports to $dest...
#iptables -t nat -A PREROUTING -i $inet -p udp --dport $ports -j DNAT --to-destination $dest
#iptables -A FORWARD -p udp -i $inet --dport $ports -d $dest -j ACCEPT
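Both scripts in this thread follow the same pattern: a shared `block` chain with the state rules, ports opened by appending to that chain, masquerading plus a transparent proxy, and port-forwarding templates whose FORWARD accept sits after the jump to `block` and so is never reached. The script below is an added example, not the poster's, that rebuilds the same ADSL gateway with those points tightened: default-deny policies, loopback and `INVALID` handled explicitly, the per-service accepts kept in INPUT so they cannot also open FORWARD, rate-limited logging, masquerading restricted to the LAN prefix, and each DNAT paired with its FORWARD accept ahead of the `block` jump. All values are constructed assumptions (WAN on ppp0, LAN on br0 with 192.168.0.0/24, Squid on 3128, udp/27001 forwarded to 192.168.0.4). With `IPT` and `SYSCTL` unset it only prints the commands, so the rule order can be checked without root; `IPT=iptables SYSCTL=sysctl sh gateway.sh` applies them for real.

```shell
#!/bin/sh
# Added example, not the thread's script: stricter rebuild of the ADSL gateway
# firewall. All addresses, interfaces and ports below are constructed
# assumptions. Default is dry-run (commands are echoed, nothing is applied).
IPT="${IPT:-echo iptables}"
SYSCTL="${SYSCTL:-echo sysctl}"

WAN=ppp0
LAN=br0
LAN_NET=192.168.0.0/24
PROXY_PORT=3128
ALLOW_TCP="80 443 22"              # services the gateway itself offers on the WAN
FORWARDS="udp:27001:192.168.0.4"   # proto:port:destination, space separated

build_rules() {
  $IPT -t nat -F
  $IPT -F
  $IPT -X block 2>/dev/null || true

  # Shared chain: keep conntrack state, drop junk, trust everything that did
  # not arrive on the WAN. "! -i" is the current spelling of the old "-i !".
  $IPT -N block
  $IPT -A block -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A block -m conntrack --ctstate INVALID -j DROP
  $IPT -A block -m conntrack --ctstate NEW ! -i "$WAN" -j ACCEPT
  # Rate-limited logging so a port sweep cannot flood syslog, then drop.
  $IPT -A block -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "block: "
  $IPT -A block -j DROP

  # Loopback first, then the services this host exposes on the WAN. These
  # live in INPUT, not in "block", so they cannot also open FORWARD.
  $IPT -A INPUT -i lo -j ACCEPT
  for p in $ALLOW_TCP; do
    $IPT -A INPUT -i "$WAN" -p tcp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
  done
  $IPT -A INPUT -j block

  # Port forwards: every DNAT gets a matching FORWARD accept, placed before
  # the jump to "block" or the new connection is dropped there.
  for f in $FORWARDS; do
    proto=${f%%:*}; rest=${f#*:}; port=${rest%%:*}; dest=${rest#*:}
    $IPT -t nat -A PREROUTING -i "$WAN" -p "$proto" --dport "$port" -j DNAT --to-destination "$dest"
    $IPT -A FORWARD -i "$WAN" -p "$proto" -d "$dest" --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
  done
  $IPT -A FORWARD -j block

  # NAT for the LAN prefix only, and transparent proxying of LAN web traffic.
  $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE
  $IPT -t nat -A PREROUTING -i "$LAN" -p tcp --dport 80 -j REDIRECT --to-ports "$PROXY_PORT"

  # Default-deny last, so a remote admin session survives the rebuild.
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT
  $SYSCTL -w net.ipv4.ip_forward=1
}

# Returns 0 if the FORWARD accept for the given forwarded port is emitted
# before the jump to "block"; that ordering is what makes the DNAT work.
forward_accept_before_block() {
  build_rules | awk '
    /-A FORWARD .*--dport '"$1"' / && !a { a = NR }
    /-A FORWARD -j block/ && !b { b = NR }
    END { exit !(a && b && a < b) }'
}

# Number of iptables commands the generator emits (meaningful in dry-run).
rule_count() {
  build_rules | grep -c '^iptables '
}

build_rules
```

Because the whole rule set comes out of one function, the dry-run output can be diffed against the last applied version before anything touches the kernel, which is the check the thread's "it works!" is missing.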