https://www.slackwiki.com/index.php?action=history&feed=atom&title=Dadexter_iptables 2026-04-08T17:44:05Z Revision history for this page on the wiki MediaWiki 1.40.0 https://www.slackwiki.com/index.php?title=Dadexter_iptables&diff=104&oldid=prev 2009-06-03T02:07:25Z

<p>Copy from old</p> <p><b>New page</b></p><div>* Script is based on another one I got here<br /> * allows connections to port 443 for web services<br /> * allows connections to port 8080 for ssh access<br /> * allows connections to port 8000 and 2323 for misc services (usually off anyway)<br /> <br /> <br /> #!/bin/sh<br /> <br /> # This is a very basic LAN NAT script, allowing only SSH to the firewall from<br /> # the external interface, allowing all outbound LAN traffic, and allowing only<br /> # established/related traffic back into the LAN.<br /> #<br /> # eth1 = external NIC (ISP)<br /> # eth0 = internal NIC (LAN)<br /> #<br /> # allows connections to port 443 for web services<br /> # allows connections to port 8080 for ssh access<br /> # allows connections to port 2323 and 8000 for internal forwarding, and shoutcast<br /> <br /> ipt=/usr/sbin/iptables<br /> extip=66.130.x.x # replace with your EXTERNAL IP - eth1<br /> lan=192.168.100.0/25 # your LAN CIDR range - eth0<br /> <br /> # start firewall<br /> start_firewall() {<br /> <br /> echo &quot;Enabling IP forwarding.&quot;<br /> echo 1 &gt; /proc/sys/net/ipv4/ip_forward<br /> <br /> echo &quot;Enabling iptables firewall.&quot;<br /> # default policies<br /> $ipt -P INPUT DROP<br /> $ipt -P FORWARD DROP<br /> <br /> # NAT<br /> $ipt -t nat -A POSTROUTING -o eth1 -j SNAT --to-source $extip<br /> <br /> # INPUT chain<br /> $ipt -A INPUT -i lo -j ACCEPT<br /> $ipt -A INPUT -i eth0 -s $lan -j ACCEPT<br /> $ipt -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT<br /> $ipt -A INPUT -p tcp --destination-port 8080 -j ACCEPT<br /> $ipt -A INPUT -p tcp --destination-port 443 -j ACCEPT<br /> $ipt -A INPUT -p tcp --destination-port 8000 -j ACCEPT<br /> $ipt -A INPUT -p tcp --destination-port 2323 -j ACCEPT<br /> <br /> # FORWARD chain<br /> $ipt -A FORWARD -i eth0 -s $lan -j ACCEPT<br /> $ipt -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT<br /> <br /> }<br /> <br /> # stop firewall<br /> stop_firewall() {<br /> <br /> $ipt -P INPUT DROP<br /> $ipt -P OUTPUT DROP<br /> $ipt -P FORWARD DROP<br /> # allow internal traffic<br /> $ipt -A INPUT -i eth0 -j ACCEPT<br /> $ipt -A OUTPUT -o eth0 -j ACCEPT<br /> <br /> }<br /> <br /> # flushing, removing and zeroing tables<br /> reset_firewall() {<br /> <br /> chains=`cat /proc/net/ip_tables_names`<br /> for i in $chains; do<br /> $debug $ipt -t $i -F<br /> $debug $ipt -t $i -X<br /> $debug $ipt -t $i -Z<br /> done<br /> <br /> }<br /> <br /> case &quot;$1&quot; in<br /> <br /> start|restart|reload)<br /> reset_firewall<br /> start_firewall<br /> ;;<br /> stop)<br /> reset_firewall<br /> stop_firewall<br /> ;;<br /> *)<br /> echo &quot;Usage: $0 {start|stop|restart|reload}&quot;;<br /> exit 1<br /> ;;<br /> <br /> esac<br /> <br /> <br /> [[Category:Security]]</div>

Erik