pastebin

Private paste #68682: Firewall script - part 2

#!/bin/sh

IPT=/sbin/iptables

$IPT -F

#policies

$IPT -P OUTPUT ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT



$IPT -N SERVICES

#allowed inputs

$IPT -A INPUT --in-interface lo -j ACCEPT
$IPT -A INPUT -j SERVICES

#allow responses

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


#allow services

$IPT -A SERVICES -p tcp --dport 22 -j ACCEPT
$IPT -A SERVICES -p tcp --dport 8080 -j ACCEPT

$IPT -A SERVICES -m iprange --src-range 192.168.1.1-192.168.1.254 -p tcp --dport 631 -j ACCEPT

$IPT -A SERVICES -m iprange --src-range 192.168.1.1-192.168.1.254 -p udp --dport 631 -j ACCEPT


$IPT -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

$IPT -A FORWARD -p tcp --dport 8080 -j ACCEPT

New paste

  Language:
Private   — Wrap long lines  —  5 + 1 =   —  

About this pastebin

Welcome to the bulix.org / pastebin. Please don't use this pastebin for illegal purposes, defamation or kitten-squashing.

This pastebin is written using PHP and MySQL and relies on Alex Gorbatchev's syntax hhighlighter (JavaScript based). To avoid spam, you will be required to complete a small mathematical challenge when adding a new paste.

New! Try the pastebin command-line tool: paste.py (requires Python and python-beautifulsoup).

Powered by the Bulix.org Code Pastebin, by Maxime Petazzoni. View pastebin statistics.