iptables on etch
dbr:~# cat /etc/ppp/ip-up.d/iptrule
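#!/bin/sh
#
# iptrules -- IPv4 filter/NAT rules for a Debian etch router with a
# PPP (DSL) uplink and a single LAN segment.
#
# Lives in /etc/ppp/ip-up.d/, so pppd's ip-up hook re-applies it every
# time the PPP link comes up.  Debian's /etc/ppp/ip-up exports the
# interface name as PPP_IFACE; ppp0 is kept as the fallback so the script
# still works when run by hand.
#
# Policy summary:
#   INPUT    DROP by default; loopback, SSH and a few LAN-only TCP
#            services are accepted, plus replies to connections this
#            host opened itself (stateful).
#   FORWARD  DROP by default; LAN -> DSL may initiate anything, DSL -> LAN
#            only carries replies.  Traffic leaving via DSL is masqueraded.
#   OUTPUT   not touched here, so it stays at the kernel default (ACCEPT).
#
LAN_NET="192.168.0.0/24"
LAN_IF="eth0"
DSL_IF="${PPP_IFACE:-ppp0}"
SSH_P="22"
WWW_P="80"
FTP_P="21"

# Default-DROP policies go in *before* the flush so the host is never
# left open while the rules below are being (re)installed.
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t nat -F
iptables -t filter -F
iptables -t mangle -F

# NAT: rewrite the source address of everything leaving via the DSL link.
iptables -t nat -A POSTROUTING -o "$DSL_IF" -j MASQUERADE

# Forwarding: the LAN may open anything towards the Internet; the
# Internet side only gets packets belonging to those connections back in.
iptables -t filter -A FORWARD -i "$DSL_IF" -o "$LAN_IF" -m state \
  --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -i "$LAN_IF" -o "$DSL_IF" -j ACCEPT

# Loopback has to be accepted explicitly under an INPUT DROP policy,
# otherwise local daemons talking to each other over 127.0.0.1 are
# dropped along with everything else.
iptables -t filter -A INPUT -i lo -j ACCEPT

# SSH is accepted on *every* interface, including the DSL uplink, i.e.
# the router is reachable from the Internet for remote administration.
# Add -i "$LAN_IF" -s "$LAN_NET" to this rule if that exposure is unwanted.
iptables -t filter -A INPUT -p tcp --dport "$SSH_P" -j ACCEPT

# Services reachable from the LAN only.  Matching on both the interface
# and the source net means packets with a LAN source address arriving on
# the DSL link do not qualify.
# TCP/3000: the service behind it is not identified in the original.
iptables -t filter -A INPUT -p tcp -i "$LAN_IF" -s "$LAN_NET" --dport 3000 \
  -j ACCEPT
iptables -t filter -A INPUT -p tcp -i "$LAN_IF" -s "$LAN_NET" --dport "$WWW_P" \
  -j ACCEPT
# FTP: control channel only; data connections are only covered if the
# kernel's FTP conntrack helper is loaded so they count as RELATED below.
iptables -t filter -A INPUT -p tcp -i "$LAN_IF" -s "$LAN_NET" --dport "$FTP_P" \
  -j ACCEPT

# Replies to connections this host opened: LAN side (restricted to the
# LAN interface and net) and DSL side (any source, since the peer is
# whatever the router itself connected to).
iptables -t filter -A INPUT -p tcp -i "$LAN_IF" -s "$LAN_NET" -m state \
  --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A INPUT -i "$DSL_IF" -m state \
  --state RELATED,ESTABLISHED -j ACCEPT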
Posted on Wednesday, September 26th, 2007 at 4:05 pm; filed under Network, Note, Unix/Linux.