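#!/bin/bash
# iptables.sh - rebuild the host firewall from scratch.
#
# Flushes every rule and user-defined chain in the filter and nat tables, then
# installs an INPUT allow-list, a MASQUERADE rule for traffic leaving on the WAN
# link, and an accept-all FORWARD rule. The default policies are set LAST so
# that a failure part-way through leaves the previous policy in place rather
# than a DROP policy with no ACCEPT rules (which would cut off an SSH session).
#
# Environment (all optional; defaults are the values that were hard-coded):
#   LAN_IF   trusted LAN interface, accepted without port filtering   (eth0)
#   LAN_NET  trusted LAN network, accepted on any interface   (192.168.12.0/24)
#   VPN_IF   interface carrying the IPsec/L2TP service               (ppp1)
#   WAN_IF   interface whose outbound traffic is masqueraded         (ppp0)
#
# Must run as root and needs the nat table to be loadable; the script aborts on
# the first iptables failure instead of continuing with a half-applied ruleset.
set -eu

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "iptables.sh: must be run as root"
command -v iptables >/dev/null || die "iptables.sh: iptables not found in PATH"

readonly LAN_IF=${LAN_IF:-eth0}
readonly LAN_NET=${LAN_NET:-192.168.12.0/24}
readonly VPN_IF=${VPN_IF:-ppp1}
readonly WAN_IF=${WAN_IF:-ppp0}
# Publicly reachable TCP services, in the order the rules are appended.
readonly -a TCP_PORTS=(22 80 8000 8080 8088 8443 443)

# Start from an empty ruleset in both tables: rules first, then user chains.
iptables -F -t nat
iptables -F
iptables --delete-chain
iptables -t nat --delete-chain

# --- INPUT allow-list -------------------------------------------------------
iptables -A INPUT -i lo -j ACCEPT
# NOTE(review): this accepts *all* traffic arriving on $LAN_IF, so every
# per-port rule below only matters for other interfaces. Keep it only if that
# interface is fully trusted; otherwise remove it and rely on $LAN_NET.
iptables -A INPUT -i "$LAN_IF" -j ACCEPT
iptables -A INPUT -s "$LAN_NET" -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New SSH connections, then the public TCP services. Port 22 is listed again in
# TCP_PORTS, as in the original ruleset; that second rule only adds packets to
# port 22 that are neither NEW nor ESTABLISHED/RELATED (i.e. INVALID state).
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
for port in "${TCP_PORTS[@]}"; do
  iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
done
#iptables -A INPUT -p tcp --dport 2000:2099 -j ACCEPT
#iptables -A INPUT -p tcp --dport 2100 -j ACCEPT

# IPsec (IKE 500/udp, NAT-T 4500/udp, ESP proto 50, AH proto 51) and L2TP
# (1701/udp) on the VPN link.
iptables -A INPUT -i "$VPN_IF" -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i "$VPN_IF" -p udp --dport 4500 -j ACCEPT
# NOTE(review): this unconditional 1701 rule also admits L2TP that did NOT
# arrive inside an IPsec SA and makes the policy-matched rule below redundant.
# If L2TP must only be reachable over IPsec, delete this line and keep the
# "-m policy --pol ipsec" rule.
iptables -A INPUT -i "$VPN_IF" -p udp --dport 1701 -j ACCEPT
iptables -A INPUT -i "$VPN_IF" -p 50 -j ACCEPT
iptables -A INPUT -i "$VPN_IF" -p 51 -j ACCEPT
iptables -A INPUT -i "$VPN_IF" -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT

# --- NAT and forwarding -----------------------------------------------------
# Source-NAT everything leaving on the WAN link.
iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
# The commented pair would restrict forwarding to LAN -> WAN plus replies; the
# active rule (and the FORWARD policy below) forwards between *all* interfaces,
# including from the WAN/VPN side into the LAN. Review before relying on it.
#iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
#iptables -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
#iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
#iptables -A OUTPUT -j ACCEPT
iptables -I FORWARD -j ACCEPT
#iptables -A INPUT -j DROP

# --- Default policies (applied last; see header) ----------------------------
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Show the resulting ruleset; -n skips reverse-DNS lookups that slow the listing.
iptables -L -n
exit 0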