Spir · March 20, 2014 08:54
diff --git a/firewall b/firewall
 #!/bin/sh
 # firewall settings
 
 ### BEGIN INIT INFO
 # Provides: firewall
 # Required-Start: $remote_fs $syslog $network
 # Required-Stop: $remote_fs $syslog $network
 # Default-Start: 2 3 4 5
 # Default-Stop: 0 1 6
 # Short-Description: iptables firewall
 # Description: iptables initialization script
 ### END INIT INFO
 
 # purge tables
 iptables -t filter -F
 
 # purge rules
 iptables -t filter -X
 
 # deny any in and out
 iptables -t filter -P INPUT DROP
 iptables -t filter -P FORWARD DROP
 iptables -t filter -P OUTPUT DROP
 
 # keep alive connections
 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
 # Loopback
 iptables -t filter -A INPUT -i lo -j ACCEPT
 iptables -t filter -A OUTPUT -o lo -j ACCEPT
 
 # ICMP
 iptables -t filter -A INPUT -p icmp -j ACCEPT
 iptables -t filter -A OUTPUT -p icmp -j ACCEPT
 
 # SSH
 iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
 iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT
 
 # DNS
 iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
 iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
 iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
 iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
 
 # DNS 2
 iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx --sport 1024:65535 -d my.ip.address.xxx --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p tcp -s my.ip.address.xxx --sport 53 -d xxx.xxx.xxx.xxx --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 
 # NTP
 iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
 
 # Mail SMTP:25
 iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
 iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
 
 # Mail IMAPS:993
 iptables -t filter -A INPUT -p tcp --dport 993 -j ACCEPT
 iptables -t filter -A OUTPUT -p tcp --dport 993 -j ACCEPT
 
 # HTTP
 iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
 iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
 iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
 iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
 iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
 
 # FTP
 iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
 iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
 iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 # SVN
 #iptables -A INPUT -p tcp -i eht0 --dport 3690 -j ACCEPT
 
 # GIT
 #iptables -A OUTPUT -o eth0 -p tcp --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT
 #iptables -A INPUT -i eth0 -p tcp --sport 9418 -m state --state ESTABLISHED -j ACCEPT
 
 # WEBMIN
 iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
	#!/bin/sh
	# firewall settings

	### BEGIN INIT INFO
	# Provides: firewall
	# Required-Start: $remote_fs $syslog $network
	# Required-Stop: $remote_fs $syslog $network
	# Default-Start: 2 3 4 5
	# Default-Stop: 0 1 6
	# Short-Description: iptables firewall
	# Description: iptables initialization script
	### END INIT INFO

	# purge tables
	iptables -t filter -F

	# purge rules
	iptables -t filter -X

	# deny any in and out
	iptables -t filter -P INPUT DROP
	iptables -t filter -P FORWARD DROP
	iptables -t filter -P OUTPUT DROP

	# keep alive connections
	iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
	iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

	# Loopback
	iptables -t filter -A INPUT -i lo -j ACCEPT
	iptables -t filter -A OUTPUT -o lo -j ACCEPT

	# ICMP
	iptables -t filter -A INPUT -p icmp -j ACCEPT
	iptables -t filter -A OUTPUT -p icmp -j ACCEPT

	# SSH
	iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
	iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT

	# DNS
	iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
	iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
	iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
	iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT

	# DNS 2
	iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx --sport 1024:65535 -d my.ip.address.xxx --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
	iptables -A OUTPUT -p tcp -s my.ip.address.xxx --sport 53 -d xxx.xxx.xxx.xxx --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

	# NTP
	iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT

	# Mail SMTP:25
	iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
	iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT

	# Mail IMAPS:993
	iptables -t filter -A INPUT -p tcp --dport 993 -j ACCEPT
	iptables -t filter -A OUTPUT -p tcp --dport 993 -j ACCEPT

	# HTTP
	iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
	iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
	iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
	iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
	iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT

	# FTP
	iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
	iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
	iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

	# SVN
	#iptables -A INPUT -p tcp -i eht0 --dport 3690 -j ACCEPT

	# GIT
	#iptables -A OUTPUT -o eth0 -p tcp --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT
	#iptables -A INPUT -i eth0 -p tcp --sport 9418 -m state --state ESTABLISHED -j ACCEPT

	# WEBMIN
	iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT