Re: Where to store iptables script
Jacob Friis Larsen <jfl@list.idg.dk> writes:
> By the help of http://iptables-script.dk/ I have created the script below.
> Where should I store it?
You can put it, for example, in /usr/local/bin/foobar.sh and then add:
pre-up /usr/local/bin/foobar.sh
> And does it look ok?
I don't know that much :-)
> Thanks, Jacob
>
>
> #!/bin/sh
>
> # Disable forwarding while the rules are being rebuilt
> echo 0 > /proc/sys/net/ipv4/ip_forward
>
> # load some modules (if needed): FTP connection-tracking and NAT helpers
> modprobe ip_nat_ftp
> modprobe ip_conntrack_ftp
>
> # Flush
> iptables -t nat -F POSTROUTING
> iptables -t nat -F PREROUTING
> iptables -t nat -F OUTPUT
> iptables -F
>
> # Default policies: drop inbound and forwarded traffic, allow outbound
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT ACCEPT
>
> # localhost
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> # STATE RELATED for router (placed first: most packets match here,
> # so the per-port rules below only ever see new connections)
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # Open ports on router for server/services
> iptables -A INPUT -p tcp -s 1.2.3.4 --dport 20 -j ACCEPT
> iptables -A INPUT -p tcp -s 1.2.3.4 --dport 21 -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> iptables -A INPUT -p tcp --dport 143 -j ACCEPT
> iptables -A INPUT -p tcp --dport 993 -j ACCEPT
>
> # Enable forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
Bye,
Jorge
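Added example (not from Jacob's post or Jorge's reply): a tidied-up version of the quoted script, written the way I would hand it back. It keeps the same services and the same 1.2.3.4 FTP client, but puts the ESTABLISHED,RELATED rule first, matches only NEW connections in the per-port rules, flushes every table (not just filter and nat), and takes an --apply/--dry-run switch so the generated rules can be read without root before the script is wired into /etc/network/interfaces. The path /usr/local/sbin/firewall.sh, the eth0 stanza in the comments and the two switches are my assumptions; the rest follows the quoted script.

```shell
#!/bin/sh
# Added example, not code from the original thread.
#
# Assumed installation (not stated in the thread): save as
# /usr/local/sbin/firewall.sh, chmod 700, and hook it into
# /etc/network/interfaces so it runs before the interface comes up:
#
#   auto eth0
#   iface eth0 inet dhcp
#       pre-up /usr/local/sbin/firewall.sh --apply
#
# Usage: firewall.sh --apply    (really program the kernel, needs root)
#        firewall.sh --dry-run  (print the commands that would run)

IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl -w}"
MODPROBE="${MODPROBE:-modprobe}"
TRUSTED_FTP_CLIENT="${TRUSTED_FTP_CLIENT:-1.2.3.4}"   # the address used in the quoted script

flush_rules() {
    # Flush and delete user chains in every table, so a re-run always
    # starts from a clean slate (the quoted script only touched filter and nat).
    for t in filter nat mangle; do
        $IPT -t "$t" -F
        $IPT -t "$t" -X
    done
}

set_policies() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

# allow_tcp PORT [SOURCE]: accept new TCP connections to PORT,
# optionally only from SOURCE.
allow_tcp() {
    port="$1"
    src="${2:-}"
    if [ -n "$src" ]; then
        $IPT -A INPUT -p tcp -s "$src" --dport "$port" -m state --state NEW -j ACCEPT
    else
        $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    fi
}

apply_rules() {
    $SYSCTL net.ipv4.ip_forward=0          # no forwarding while rules are rebuilt
    $MODPROBE ip_conntrack_ftp             # lets RELATED match FTP data connections
    $MODPROBE ip_nat_ftp
    flush_rules
    set_policies
    # Loopback
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # Drop packets conntrack cannot place, then accept replies to our own
    # connections. This comes before the service rules so that they only
    # ever see the first packet of a new connection.
    $IPT -A INPUT -m state --state INVALID -j DROP
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Services offered by the router itself (same set as the quoted script).
    # No rule for port 20: active-mode data connections leave from port 20
    # (OUTPUT is ACCEPT) and passive-mode ones arrive as RELATED once the
    # ip_conntrack_ftp helper is loaded.
    allow_tcp 21 "$TRUSTED_FTP_CLIENT"
    allow_tcp 22
    allow_tcp 25
    allow_tcp 80
    allow_tcp 143
    allow_tcp 993
    $SYSCTL net.ipv4.ip_forward=1          # FORWARD policy is still DROP
}

case "${1:-}" in
    --apply)
        apply_rules ;;
    --dry-run)
        IPT="echo iptables"; SYSCTL="echo sysctl -w"; MODPROBE="echo modprobe"
        apply_rules ;;
    *)
        echo "usage: $0 --apply | --dry-run" >&2 ;;
esac
```

Run it with --dry-run first and read the printed iptables lines top to bottom: the order is the order the kernel evaluates them, which is why the ESTABLISHED,RELATED rule has to appear before any --dport rule. Enabling ip_forward at the end changes nothing as long as the FORWARD policy stays DROP with no FORWARD rules; it only matters once the box actually routes for a LAN.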