forked from freifunk-franken/firmware
46 lines
1.3 KiB
Plaintext
46 lines
1.3 KiB
Plaintext
|
#!/bin/sh
|
|||
|
|
#iptables -F
|
|||
|
|
#
|
|||
|
|
#iptables -P INPUT DROP
|
|||
|
|
#iptables -P OUTPUT DROP
|
|||
|
|
#iptables -P FORWARD DROP
|
|||
|
|
#
|
|||
|
|
#for proto in tcp udp
|
|||
|
|
#do
|
|||
|
|
# for port in 53 666 655
|
|||
|
|
# do
|
|||
|
|
# iptables -A OUTPUT -p $proto --dport $port -j ACCEPT
|
|||
|
|
# iptables -A OUTPUT -p $proto --sport $port -j ACCEPT
|
|||
|
|
# iptables -A INPUT -p $proto --dport $port -j ACCEPT
|
|||
|
|
# iptables -A INPUT -p $proto --sport $port -j ACCEPT
|
|||
|
|
# done
|
|||
|
|
#done
|
|||
|
|
#
|
|||
|
|
#iptables -A OUTPUT -p icmp -j ACCEPT
|
|||
|
|
#iptables -A INPUT -p icmp -j ACCEPT
|
|||
|
|
#
|
|||
|
|
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
|
|||
|
|
#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
|
|||
|
|
#
|
|||
|
|
#
|
|||
|
|
#iptables -A OUTPUT -p tcp --sport 1024: -j ACCEPT
|
|||
|
|
#iptables -A OUTPUT -p udp --sport 1024: -j ACCEPT
|
|||
|
|
|
|||
|
|
# mastersword.de
|
|||
|
|
#iptables -A OUTPUT -p tcp -d 78.46.215.78 -j ACCEPT
|
|||
|
|
#iptables -A INPUT -p tcp -s 78.46.215.78 -j ACCEPT
|
|||
|
|
|
|||
|
|
# gw1.freifunk-ol.de
|
|||
|
|
#iptables -A OUTPUT -p tcp -d 178.33.33.102 -j ACCEPT
|
|||
|
|
#iptables -A INPUT -p tcp -s 178.33.33.102 -j ACCEPT
|
|||
|
|
|
|||
|
|
# freifunk-ol.de
|
|||
|
|
#iptables -A OUTPUT -p tcp -d 178.33.33.208 -j ACCEPT
|
|||
|
|
#iptables -A INPUT -p tcp -s 178.33.33.208 -j ACCEPT
|
|||
|
|
|
|||
|
|
#Masquerade interface for gateway
|
|||
|
|
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|||
|
|
|
|||
|
|
#solves MTU problem with bad ISP´s
|
|||
|
|
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
|