Created
February 6, 2012 15:49
-
-
Save stas/1752789 to your computer and use it in GitHub Desktop.
iptables boilerplate, because no one did this till now
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| IFNET="eth0" | |
| IPNET="8.8.8.8" | |
| PORTS="20 21 25 80 8000 8888 12000 12001 12002 12003" | |
| BANLIST="64.205.0.18" | |
| if [ "$1" = "start" ]; then | |
| echo "Starting firewall..." | |
| iptables -P INPUT DROP | |
| iptables -A INPUT ! -i ${IFNET} -j ACCEPT | |
| iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| iptables -A INPUT -p icmp -j ACCEPT | |
| iptables -A OUTPUT -p icmp -j ACCEPT | |
| for i in ${PORTS}; do | |
| iptables -A INPUT -p tcp --dport ${i} -m state --state NEW -j ACCEPT | |
| done | |
| for ip in ${BANLIST}; do | |
| iptables -A INPUT -s ${ip} -j DROP | |
| done | |
| iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 | |
| fi # end if start | |
| if [ "$1" = "stop" ]; then | |
| echo "Bringing down firewall..." | |
| iptables -F | |
| iptables -X | |
| iptables -t nat -F | |
| iptables -t nat -X | |
| iptables -t mangle -F | |
| iptables -t mangle -X | |
| iptables -P INPUT ACCEPT | |
| iptables -P FORWARD ACCEPT | |
| iptables -P OUTPUT ACCEPT | |
| fi # end if stop | |
| if [ "$1" = "restart" ]; then | |
| $0 stop | |
| $0 start | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment