Ubuntu Sverige

Kod: Markera allt

#!/bin/sh

echo "running skrotis rc.firewall"
echo "..."

echo "iptables located"
#Change the part after the = to the where you IPTABLES is on your system
IPTABLES=/sbin/iptables

echo "flush existing rules"
$IPTABLES -F INPUT

echo "Allow data to come back"
#This allows all data that has been sent out for the computer running the firewall
# to come back
#(for all of ICMP/TCP/UDP).
#For example, if a ping request is made it will allow the reply back
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth1 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth1 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth1 -p udp

echo "Allow traffic from ethernet adapter eth1 to..."
#...pass through if
#you have a network, or
#as using linux as a router for internet etc.
#Your first ethernet card is eth0 and the second would be eth1 etc.
$IPTABLES -A INPUT -i eth0 -j ACCEPT

echo "Allow incoming FTP requests"
#$IPTABLES -A INPUT -p tcp --dport 20 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT

echo "Allow incoming SSH requests"
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

echo "Allow incoming HTTP requests (to Web server)"
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT

echo "Allowed ports"
$IPTABLES -A INPUT -p tcp --dport 52000 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 52001 -j ACCEPT

echo "allow Ping echo"
#I have commented this line, so ping from an outside machine will not work.
#Uncomment the next line to make ping from outside work.
$IPTABLES -A INPUT -p icmp -j ACCEPT
$IPTABLES -A INPUT -p udp -j ACCEPT
$IPTABLES -A INPUT -p tcp -j ACCEPT

echo "skrotis own rules =)"
$IPTABLES -t nat -A PREROUTING -p tcp -i eth1 --dport 52000 -j DNAT --to 192.168.0.13:52000
$IPTABLES -t nat -A PREROUTING -p tcp -i eth1 --dport 52001 -j DNAT --to 192.168.0.13:52001

echo "Drop all other connection attempts. Only connections defined above are allowed"
$IPTABLES -P INPUT DROP