Sdogi's Script
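#!/usr/bin/env bash
# Internet + sharing: build the NAT / filter ruleset for a small LAN behind an
# ADSL (PPPoE) link, then bring the link up.
#
# The rules are installed BEFORE adsl-start so the link is never up with an
# empty filter table; iptables accepts -i/-o on an interface that does not
# exist yet, so referencing ppp0 early is fine. With `set -e` any rule that
# fails to load aborts the script before the link comes up (fail closed).
set -eu

readonly wan_if="ppp0"            # PPPoE link towards the ISP
readonly lan_net="192.168.0.0/24" # LAN behind this box

# Start from a clean slate in the filter and nat tables.
iptables -F
iptables -X
iptables -t nat -F

# Share the link: rewrite LAN source addresses to the ppp0 address.
iptables -t nat -A POSTROUTING -s "$lan_net" -o "$wan_if" -j MASQUERADE

# Let already-tracked connections (and their replies) through.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): nothing here accepts NEW connections in FORWARD (LAN -> WAN,
# or the DNAT'ed ports below). Sharing only works if the FORWARD chain's
# default policy is ACCEPT, which this script neither sets nor checks — confirm.

# Banned from logs: noisy scanner targets are dropped silently so they never
# reach the LOG rule at the end.
for port in 445 135 139 2449; do
  iptables -A INPUT -i "$wan_if" -p tcp --dport "$port" -j DROP
done
# ident (113) is REJECTed rather than DROPped — presumably so remote peers
# doing ident lookups fail fast instead of timing out; confirm.
iptables -A INPUT -i "$wan_if" -p tcp --dport 113 -j REJECT

# Port forwards into the LAN (nat PREROUTING).
# The 6002 rule used to read "-t nat -PREROUTING": "-PREROUTING" is not a
# valid option, so that forward was never installed. Fixed to "-A PREROUTING".
iptables -t nat -A PREROUTING -i "$wan_if" -p tcp --dport 6002 -j DNAT --to 192.168.0.3
iptables -t nat -A PREROUTING -i "$wan_if" -p tcp --dport 1988 -j DNAT --to 192.168.0.2
iptables -t nat -A PREROUTING -i "$wan_if" -p udp --dport 1988 -j DNAT --to 192.168.0.2
iptables -t nat -A PREROUTING -i "$wan_if" -p tcp --dport 6666 -j DNAT --to 192.168.0.1:8000

# Services on this host that are reachable from the Internet (TCP).
wan_tcp_ports=(
  1984 13931 8080 8001 8000 2086 31731
  2000:2500 6881:6889 9176 2234 5534
  80 21 22
)
for port in "${wan_tcp_ports[@]}"; do
  iptables -A INPUT -i "$wan_if" -p tcp --dport "$port" -j ACCEPT
done

# Accepted only from one LAN host, on any interface (ports 6000/177 are
# conventionally X11 / XDMCP — presumably a remote display setup; confirm).
iptables -A INPUT -s 192.168.0.4 -p tcp --dport 6000 -j ACCEPT
iptables -A INPUT -s 192.168.0.4 -p udp --dport 177 -j ACCEPT

# Everything else TCP from the WAN: log, then drop.
# The LOG rule is rate-limited so a port scan cannot fill /var/log/messages;
# the original author's own comment warned that unlimited logging does exactly
# that. Only TCP is covered here — UDP/ICMP from the WAN fall through to the
# INPUT chain's default policy, which this script does not set.
iptables -A INPUT -i "$wan_if" -p tcp \
  -m limit --limit 5/min --limit-burst 10 \
  -j LOG --log-prefix "fw-drop: "
iptables -A INPUT -i "$wan_if" -p tcp -j DROP

# Bring the link up last, with the ruleset already in place.
adsl-start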