Friday, June 09, 2006

Iptables example

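#!/bin/bash
# Host/router firewall example: default-deny INPUT and FORWARD, open a fixed
# list of service ports on the router itself, then switch IP forwarding on.
# Must run as root. Forwarding is held off while the ruleset is rebuilt so no
# traffic is routed through a half-built table.
#
# Note: the script deliberately keeps going if one command fails (no set -e);
# a failed ACCEPT rule after the DROP policy is set locks that port out, so
# watch the output when running this over ssh.
echo 0 > /proc/sys/net/ipv4/ip_forward

# load some modules (if needed)
# NOTE(review): these are the old ip_* module names; newer kernels ship them
# as nf_nat_ftp / nf_conntrack_ftp — adjust if modprobe reports "not found".
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# Flush filter rules, drop user-defined chains, and clear the three nat chains.
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
iptables -X

# Set the default policies before any ACCEPT rule is added so the box fails
# closed if the script dies part-way through.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Loopback must be allowed explicitly under a DROP policy; without this rule
# local services talking to 127.0.0.1 (resolver, mail, web apps) break.
iptables -A INPUT -i lo -j ACCEPT

# Replies to connections this host opened, plus related flows (e.g. FTP data
# via ip_conntrack_ftp). Placed first so most packets are accepted by one rule
# instead of walking the whole port list below.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open ports on router for server/services
#ping
iptables -A INPUT -p icmp -j ACCEPT
#web
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#webs
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#ftp
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
#pop3
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
#sendmail
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
#ssh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#bind dns
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
#jboss
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
#squid
# NOTE(review): 5555 is not squid's default (3128); confirm it matches
# http_port in squid.conf before relying on this label.
iptables -A INPUT -p tcp --dport 5555 -j ACCEPT
iptables -A INPUT -p udp --dport 5555 -j ACCEPT
#usermin
iptables -A INPUT -p tcp --dport 20000 -j ACCEPT
iptables -A INPUT -p udp --dport 20000 -j ACCEPT
#webmin
iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
iptables -A INPUT -p udp --dport 10000 -j ACCEPT
#bind
# NOTE(review): presumably the query-source port set in named.conf; verify
# against the server config, since an unlabelled high UDP port is easy to
# leave open by mistake after the service changes.
iptables -A INPUT -p udp --dport 32820 -j ACCEPT

# Enable forwarding
# NOTE(review): FORWARD policy is DROP and no FORWARD or nat rules are added
# above, so nothing is actually routed until those are supplied.
echo 1 > /proc/sys/net/ipv4/ip_forward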
