Jacob Friis Larsen <[EMAIL PROTECTED]> writes:

> By the help of http://iptables-script.dk/ I have created the script below.
> Where should I store it?

You can put it, for example in /usr/local/bin/foobar.sh and then add:

pre-up /usr/local/bin/foobar.sh

> And does it look ok? I don't know that much :-)
> Thanks, Jacob
>
>
> #!/bin/sh
>
> # Disable forwarding
> echo 0 > /proc/sys/net/ipv4/ip_forward
>
> # load some modules (if needed)
> modprobe ip_nat_ftp
> modprobe ip_conntrack_ftp
>
> # Flush
> iptables -t nat -F POSTROUTING
> iptables -t nat -F PREROUTING
> iptables -t nat -F OUTPUT
> iptables -F
>
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT ACCEPT
>
> #localhost
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> # Open ports on router for server/services
> iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 20
> iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21
> iptables -A INPUT -j ACCEPT -p tcp --dport 22
> iptables -A INPUT -j ACCEPT -p tcp --dport 25
> iptables -A INPUT -j ACCEPT -p tcp --dport 80
> iptables -A INPUT -j ACCEPT -p tcp --dport 143
> iptables -A INPUT -j ACCEPT -p tcp --dport 993
>
> # STATE RELATED for router
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # Enable forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward
>

Bye,

Jorge
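
An added example, not part of the original messages: a POSIX sh check that reads an iptables script like the one quoted above and lists each INPUT ACCEPT rule's port with its source restriction, so the ports reachable from any address stand out before the script is hooked into pre-up. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh

# audit_input_rules FILE
# One line per "iptables -A INPUT ... -j ACCEPT" rule with a --dport:
#   "<port> <source address, or 'any' when the rule has no -s>"
audit_input_rules() {
    awk '
        $1 == "iptables" {
            chain = ""; target = ""; src = "any"; port = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "-A") chain = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "-s" || $i == "--source") src = $(i + 1)
                else if ($i == "--dport") port = $(i + 1)
            }
            if (chain == "INPUT" && target == "ACCEPT" && port != "")
                print port, src
        }
    ' "$1"
}

# open_to_any FILE
# Ports accepted from any source address, space separated on one line.
open_to_any() {
    audit_input_rules "$1" |
        awk '$2 == "any" { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# write_sample FILE
# Constructed sample input: the policy and INPUT rules from the script above.
write_sample() {
    cat > "$1" <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 20
iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21
iptables -A INPUT -j ACCEPT -p tcp --dport 22
iptables -A INPUT -j ACCEPT -p tcp --dport 25
iptables -A INPUT -j ACCEPT -p tcp --dport 80
iptables -A INPUT -j ACCEPT -p tcp --dport 143
iptables -A INPUT -j ACCEPT -p tcp --dport 993
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_input_rules "$sample"
echo "open to any source: $(open_to_any "$sample")"
rm -f "$sample"
```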