https://www.slackwiki.com/index.php?title=Sdogi%27s_Script&action=history Revision history for this page on the wiki en MediaWiki 1.40.0 Wed, 08 Apr 2026 16:08:02 GMT https://www.slackwiki.com/index.php?title=Sdogi%27s_Script&diff=177&oldid=prev https://www.slackwiki.com/index.php?title=Sdogi%27s_Script&diff=177&oldid=prev <p>Copy from old</p> <p><b>New page</b></p><div>[[Category:Security]]<br /> &lt;pre&gt;# Internet + sharing<br /> adsl-start<br /> iptables -F<br /> iptables -X<br /> iptables -t nat -F<br /> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o &quot;ppp0&quot; -j MASQUERADE<br /> <br /> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br /> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT<br /> iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT<br /> <br /> # BANNED FROM LOGS<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 445 -j DROP<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 135 -j DROP<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 139 -j DROP<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 113 -j REJECT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 2449 -j DROP<br /> <br /> # Forwarded or accepted<br /> iptables -t nat -PREROUTING -i &quot;ppp0&quot; -p tcp --dport 6002 -j DNAT --to 192.168.0.3<br /> iptables -t nat -A PREROUTING -i &quot;ppp0&quot; -p tcp --dport 1988 -j DNAT --to 192.168.0.2<br /> iptables -t nat -A PREROUTING -i &quot;ppp0&quot; -p udp --dport 1988 -j DNAT --to 192.168.0.2<br /> iptables -t nat -A PREROUTING -i &quot;ppp0&quot; -p tcp --dport 6666 -j DNAT --to 192.168.0.1:8000<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 1984 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 13931 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 8080 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 8001 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 8000 -j ACCEPT<br /> iptables -A INPUT -s 192.168.0.4 -p tcp --dport 6000 -j ACCEPT<br /> iptables -A INPUT -s 192.168.0.4 -p udp --dport 177 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 2086 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 31731 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 2000:2500 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 6881:6889 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 9176 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 2234 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 5534 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 80 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 21 -j ACCEPT<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 22 -j ACCEPT<br /> <br /> <br /> # Log everything else to messages and drop them(logging is not really good idea because<br /> # /var/log/messages can get full pretty fast. Look above for making them not show up in logs)<br /> <br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 1:65535 -j LOG<br /> iptables -A INPUT -i &quot;ppp0&quot; -p tcp --dport 1:65535 -j DROP<br /> &lt;/pre&gt;</div> Sat, 06 Jun 2009 23:20:26 GMT Erik https://www.slackwiki.com/Talk:Sdogi%27s_Script