2011-03-23 14:59:44 +01:00
|
|
|
|
#!/bin/sh
|
|
|
|
|
#iptables -F
|
|
|
|
|
#
|
|
|
|
|
#iptables -P INPUT DROP
|
|
|
|
|
#iptables -P OUTPUT DROP
|
|
|
|
|
#iptables -P FORWARD DROP
|
|
|
|
|
#
|
|
|
|
|
#for proto in tcp udp
|
|
|
|
|
#do
|
|
|
|
|
# for port in 53 666 655
|
|
|
|
|
# do
|
|
|
|
|
# iptables -A OUTPUT -p $proto --dport $port -j ACCEPT
|
|
|
|
|
# iptables -A OUTPUT -p $proto --sport $port -j ACCEPT
|
|
|
|
|
# iptables -A INPUT -p $proto --dport $port -j ACCEPT
|
|
|
|
|
# iptables -A INPUT -p $proto --sport $port -j ACCEPT
|
|
|
|
|
# done
|
|
|
|
|
#done
|
|
|
|
|
#
|
|
|
|
|
#iptables -A OUTPUT -p icmp -j ACCEPT
|
|
|
|
|
#iptables -A INPUT -p icmp -j ACCEPT
|
|
|
|
|
#
|
|
|
|
|
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
|
|
|
|
|
#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
|
|
|
|
|
#
|
|
|
|
|
#
|
|
|
|
|
#iptables -A OUTPUT -p tcp --sport 1024: -j ACCEPT
|
|
|
|
|
#iptables -A OUTPUT -p udp --sport 1024: -j ACCEPT
|
|
|
|
|
|
|
|
|
|
# mastersword.de
|
|
|
|
|
#iptables -A OUTPUT -p tcp -d 78.46.215.78 -j ACCEPT
|
|
|
|
|
#iptables -A INPUT -p tcp -s 78.46.215.78 -j ACCEPT
|
|
|
|
|
|
|
|
|
|
# gw1.freifunk-ol.de
|
|
|
|
|
#iptables -A OUTPUT -p tcp -d 178.33.33.102 -j ACCEPT
|
|
|
|
|
#iptables -A INPUT -p tcp -s 178.33.33.102 -j ACCEPT
|
|
|
|
|
|
|
|
|
|
# freifunk-ol.de
|
|
|
|
|
#iptables -A OUTPUT -p tcp -d 178.33.33.208 -j ACCEPT
|
|
|
|
|
#iptables -A INPUT -p tcp -s 178.33.33.208 -j ACCEPT
|
|
|
|
|
|
|
|
|
|
#Masquerade interface for gateway
|
|
|
|
|
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
|
|
|
|
|
|
|
|
#solves MTU problem with bad ISP´s
|
|
|
|
|
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
|
2012-09-30 11:26:11 +02:00
|
|
|
|
|
|
|
|
|
# Wenn ein router direkt am Netz hängt, ist er auch ssh Angriffen ausgesetzt.
|
|
|
|
|
# Das wirkt bei kleinen Geräten wir ein DOS
|
|
|
|
|
iptables -I INPUT -i eth0.2 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
|
|
|
iptables -I INPUT -i eth0.2 -j DROP
|