Sdogi's Script

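#!/bin/sh
# Internet + sharing: bring up the ADSL link, then (re)build the iptables
# ruleset for a home gateway that masquerades a LAN behind the PPP link.
#
# Only POSIX sh constructs are used, so this runs under a plain /bin/sh.
#
# Environment (optional overrides, defaults match the original script):
#   WAN_IF   - upstream (internet) interface, default ppp0
#   LAN_NET  - LAN network that is masqueraded, default 192.168.0.0/24
#
# Chain policies are never set here, so after the flush they stay at whatever
# they were before (ACCEPT on a stock kernel). Unsolicited traffic arriving on
# $WAN_IF for the gateway itself is caught by the LOG/DROP pair at the end;
# the FORWARD chain relies on the chain policy. IP forwarding itself
# (net.ipv4.ip_forward) is not enabled here - presumably done elsewhere, e.g.
# by the PPP start-up scripts; confirm before relying on this for sharing.

WAN_IF=${WAN_IF:-ppp0}
LAN_NET=${LAN_NET:-192.168.0.0/24}

adsl-start

# From here on a failing iptables call aborts the script: the DROP rules come
# last, so a half-built ruleset would be *more* open than the intended one.
set -e

# Start from a clean slate in both the filter and nat tables.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE

# Replies and related traffic are accepted before any per-port rule.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# BANNED FROM LOGS: noisy probe ports are dropped silently here so that the
# logging catch-all at the end never sees them. 113 (ident) gets REJECT
# instead of DROP - presumably so remote mail/IRC servers get an immediate
# answer rather than waiting for a timeout.
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 445 -j DROP
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 135 -j DROP
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 139 -j DROP
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 113 -j REJECT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 2449 -j DROP

# Forwarded (DNAT to LAN hosts) or accepted on the gateway itself.
# Fix: the 6002 rule was written "-t nat -PREROUTING" (missing -A), so it was
# rejected by iptables and never loaded.
iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 6002 -j DNAT --to 192.168.0.3
iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 1988 -j DNAT --to 192.168.0.2
iptables -t nat -A PREROUTING -i "$WAN_IF" -p udp --dport 1988 -j DNAT --to 192.168.0.2
iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 6666 -j DNAT --to 192.168.0.1:8000
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 1984 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 13931 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 8001 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 8000 -j ACCEPT
# X11 (6000/tcp) and XDMCP (177/udp) from the LAN workstation. The original
# matched on source address only, which a packet arriving on the WAN link can
# spoof; additionally requiring that it did NOT come in on $WAN_IF closes that.
iptables -A INPUT ! -i "$WAN_IF" -s 192.168.0.4 -p tcp --dport 6000 -j ACCEPT
iptables -A INPUT ! -i "$WAN_IF" -s 192.168.0.4 -p udp --dport 177 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 2086 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 31731 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 2000:2500 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 6881:6889 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 9176 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 2234 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 5534 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j ACCEPT

# Log everything else arriving on the WAN link, then drop it.
# Logging is rate-limited so a port scan cannot fill /var/log/messages (the
# "BANNED FROM LOGS" block above still silences the noisiest ports entirely).
# The original catch-all matched only "-p tcp --dport 1:65535", so unsolicited
# UDP/ICMP/other protocols fell through to the chain policy instead of being
# dropped as the comment intended; the pair below is protocol-agnostic, which
# means inbound ICMP echo from the internet is now dropped as well.
iptables -A INPUT -i "$WAN_IF" -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-drop: "
iptables -A INPUT -i "$WAN_IF" -j DROP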