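#!/bin/sh
# Stateful iptables firewall: default-deny on INPUT/FORWARD/OUTPUT, then an
# explicit allow-list per service.  Re-runnable: the filter AND nat tables are
# flushed first, so applying the script twice does not leave duplicate rules.
#
# The xxxx / xx:xx values are placeholders kept from the original; iptables
# will reject them, so they must be replaced before the script is run.
SSH_PORT="xxxx"               # SSH listening port (placeholder, replace)
FTP_PORTS="xx:xx"             # FTP port range low:high (placeholder, replace)
TRANSMISSION_WEB_PORT="xxxx"  # Transmission web UI port (placeholder, replace)
PPP_IF="ppp0"                 # interface carrying the DNAT/MASQUERADE block
ETH_IF="eth0"                 # interface used by the VPN and FORWARD rules

# Flush every chain and delete user-defined chains in the filter table
iptables -t filter -F
iptables -t filter -X
# Same for the nat table: the DNAT/MASQUERADE rules below are added with -A,
# so without this flush each run of the script appends another copy of them
iptables -t nat -F
iptables -t nat -X
# Default policy: anything not explicitly accepted below is dropped
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP
# ---
# Keep established connections (and RELATED ones, e.g. FTP data) working
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
# ICMP (ping) -- note this accepts every ICMP type, not only echo
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT
# ---
# SSH in
iptables -t filter -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
# SSH out
iptables -t filter -A OUTPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
# DNS out (resolver client)
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
# DNS in: only needed if this host runs a DNS server.  A resolver reachable
# from any source on a public interface can be abused for reflection, so
# narrow these with -s <allowed network> where possible.
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
# NTP out
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
# HTTP + HTTPS out
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
# HTTP + HTTPS in
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
# FTP out
iptables -t filter -A OUTPUT -p tcp --dport "$FTP_PORTS" -j ACCEPT
# FTP in: the conntrack helper lets the RELATED rule above match the data
# connection.  The module is nf_conntrack_ftp on current kernels; the original
# used the legacy name ip_conntrack_ftp, kept here as a fallback (the original
# author marks this line as optional on OVH servers).
modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
iptables -t filter -A INPUT -p tcp --dport "$FTP_PORTS" -j ACCEPT
# (the original repeated the RELATED,ESTABLISHED INPUT rule at this point; it
# is already the first INPUT rule above, so the duplicate is not re-added)
# VPN (PPTP control channel on 1723 + GRE)
iptables -A OUTPUT -m state --state NEW -o "$ETH_IF" -p tcp --dport 1723 --syn -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
# Transmission peer port
iptables -t filter -A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT
iptables -t filter -A INPUT -p udp -m udp --dport 51413 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp -m tcp --dport 51413 -j ACCEPT
iptables -t filter -A OUTPUT -p udp -m udp --dport 51413 -j ACCEPT
# Transmission web interface: accepted from any source.  Add
# -s <trusted network> if the UI should not be reachable from the Internet.
iptables -A INPUT -p tcp --dport "$TRANSMISSION_WEB_PORT" -j ACCEPT
# Tracker announces
iptables -t filter -A OUTPUT -p tcp --dport 56969 -j ACCEPT
#iptables -t filter -A OUTPUT -p udp --dport 9200 -j ACCEPT
# NAT loopback 192.168.0.1/32
iptables -A PREROUTING -t nat -i "$PPP_IF" -p tcp --dport 6891:6899 -j DNAT --to 192.168.0.1
iptables -A PREROUTING -t nat -i "$PPP_IF" -p udp --dport 6890 -j DNAT --to 192.168.0.1
iptables -A POSTROUTING -t nat -o "$PPP_IF" -j MASQUERADE
iptables -A INPUT -i "$PPP_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i "$PPP_IF" -p tcp --dport 6891:6899 -j ACCEPT
iptables -A INPUT -i "$PPP_IF" -p udp --dport 6890 -j ACCEPT
# Explicit drop of forwarded traffic from 192.168.0.1 towards ETH_IF; the
# FORWARD policy is already DROP, so this only documents the intent
iptables -A FORWARD -s 192.168.0.1/32 -o "$ETH_IF" -j DROP
# TeamSpeak 3 licence server
iptables -t filter -A INPUT -p tcp --dport 2008 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 2008 -j ACCEPT
# TeamSpeak 3 file transfer
iptables -t filter -A INPUT -p tcp --dport 30033 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 30033 -j ACCEPT
# TeamSpeak 3 voice
iptables -t filter -A INPUT -p udp --dport 9987 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 9987 -j ACCEPT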