https://www.slackwiki.com/index.php?action=history&feed=atom&title=Sdogi%27s_Script
Sdogi's Script - Revision history
2026-04-08T16:07:03Z
Revision history for this page on the wiki
MediaWiki 1.40.0
https://www.slackwiki.com/index.php?title=Sdogi%27s_Script&diff=177&oldid=prev
Erik: Copy from old
2009-06-06T23:20:26Z
<p>Copy from old</p>
<p><b>New page</b></p><div>[[Category:Security]]<br />
<pre># Internet + sharing<br />
adsl-start<br />
iptables -F<br />
iptables -X<br />
iptables -t nat -F<br />
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o "ppp0" -j MASQUERADE<br />
<br />
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT<br />
<br />
# BANNED FROM LOGS<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 445 -j DROP<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 135 -j DROP<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 139 -j DROP<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 113 -j REJECT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 2449 -j DROP<br />
<br />
# Forwarded or accepted<br />
iptables -t nat -PREROUTING -i "ppp0" -p tcp --dport 6002 -j DNAT --to 192.168.0.3<br />
iptables -t nat -A PREROUTING -i "ppp0" -p tcp --dport 1988 -j DNAT --to 192.168.0.2<br />
iptables -t nat -A PREROUTING -i "ppp0" -p udp --dport 1988 -j DNAT --to 192.168.0.2<br />
iptables -t nat -A PREROUTING -i "ppp0" -p tcp --dport 6666 -j DNAT --to 192.168.0.1:8000<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 1984 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 13931 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 8080 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 8001 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 8000 -j ACCEPT<br />
iptables -A INPUT -s 192.168.0.4 -p tcp --dport 6000 -j ACCEPT<br />
iptables -A INPUT -s 192.168.0.4 -p udp --dport 177 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 2086 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 31731 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 2000:2500 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 6881:6889 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 9176 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 2234 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 5534 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 80 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 21 -j ACCEPT<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 22 -j ACCEPT<br />
<br />
<br />
# Log everything else to messages and drop them(logging is not really good idea because<br />
# /var/log/messages can get full pretty fast. Look above for making them not show up in logs)<br />
<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 1:65535 -j LOG<br />
iptables -A INPUT -i "ppp0" -p tcp --dport 1:65535 -j DROP<br />
</pre></div>
Erik