Probleme de règles IpTables

**Sparky95** · 02/10/2019, 02h03

Bonjour, bonsoir,
Voici mon script pour ma gestion de parfeu

Code mon script iptables :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#!/bin/sh -e                                                                                                                                                                                                                                                            [20/1606]
 
BLUE="\\033[1;34m"                         
GREEN="\\033[1;32m"                         
RED="\\033[1;31m"                                                                                                                       
WHITE="\\033[0;39m"                                                                                                                     
YELLOW="\\033[1;33m"                                                                                                                    
 
case "$1" in
    'start') 
        #_____________________________________________________________________________________________________
        echo -e """$BLUE""**************""$GREEN"" Initializing Iptables... """$BLUE""**************""$WHITE""
        #_____________________________________________________________________________________________________
        #__________________________________________________________________________________
        echo -e "Loading basic rules                            [""$GREEN"" OK ""$WHITE""]"
        #__________________________________________________________________________________
        ###########################>- FILTERING -<###########################
        #OpenVPN
        iptables -A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT 
        iptables -A INPUT -i tun0 -j ACCEPT
        iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
        iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
        #>- Global policy -<#
        iptables -t filter -P INPUT DROP
        iptables -t filter -P OUTPUT ACCEPT
        iptables -t filter -P FORWARD DROP
        #>- make the server pingable -<#
        iptables -t filter -A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/sec -j ACCEPT
        #>- allow local loopback connections -<#
        iptables -t filter -A INPUT -i lo -j ACCEPT
        #>- drop INVALID connections -<#
        iptables -t filter -A INPUT -m state --state INVALID -j DROP 
        iptables -t filter -A OUTPUT -m state --state INVALID -j DROP
        iptables -t filter -A FORWARD -m state --state INVALID -j DROP
        #>- allow all established and related -<#
        iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -t filter -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        #>- allow access to services by opening ports -<#
        iptables -t filter -A INPUT -p tcp -m tcp --dport    22 -j ACCEPT       #ssh
        iptables -t filter -A INPUT -p tcp -m tcp --dport    80 -j ACCEPT       #WEB
        iptables -t filter -A INPUT -p tcp -m tcp --dport  9987 -j ACCEPT       #WEB ts
        iptables -t filter -A INPUT -p udp -m udp --dport  9987 -j ACCEPT       #ts
        iptables -t filter -A INPUT -p tcp -m tcp --dport 10101 -j ACCEPT       #Query TeaSpeak
        iptables -t filter -A INPUT -p tcp -m tcp --dport 30303 -j ACCEPT       #Query TeaSpeak
        #iptables -t nat -I PREROUTING -p udp --dport 9988 -j REDIRECT --to-port 9987 #redirection port
        #####################################################################
        #_____________________________________________________________________________________________________
        echo -e """$BLUE""*********""$GREEN"" Iptables successfully initialized ! """$BLUE""********""$WHITE""
        #_____________________________________________________________________________________________________
        ;;
 
    'stop')
        #_______________________________________________________________________________________________________
        echo -e """$YELLOW""***************""$RED"" Disabling Iptables... """$YELLOW""****************""$WHITE""
        #_______________________________________________________________________________________________________
        #________________________________________________________________________________
        echo -e "Flushing configuration                         [""$RED"" OK ""$WHITE""]"
        #________________________________________________________________________________
        ###########################>- CLEANING -<############################
        # Flushing all tables & Zeroing the packet and byte counters 
        iptables -t filter -F
        iptables -t nat -F
        iptables -t mangle -F
        iptables -t raw -F
        iptables -t filter -Z
        iptables -t nat -Z
        iptables -t mangle -Z
        iptables -t raw -Z
        iptables -P INPUT ACCEPT
        iptables -P FORWARD ACCEPT
        iptables -P OUTPUT ACCEPT
        iptables -t nat -F
        iptables -t mangle -F
        iptables -F
        iptables -X
        #####################################################################
        #________________________________________________________________________________
        echo -e "Setting default policy to ACCEPT               [""$RED"" OK ""$WHITE""]"
        #________________________________________________________________________________
        #########################>- POLICY -<################################
        iptables -t filter -P INPUT ACCEPT
        iptables -t filter -P OUTPUT ACCEPT
        iptables -t filter -P FORWARD ACCEPT
        #####################################################################
        #_______________________________________________________________________________________________________
        echo -e """$YELLOW""***********""$RED"" Iptables successfuly disabled ! """$YELLOW""**********""$WHITE""
        #_______________________________________________________________________________________________________
        ;;
 
    'status')
        iptables -nL
        ;;
 
    'restart')
        bash ${0} stop
        bash ${0} start
        echo restart compleat
        ;;
 
    *)
        echo "Usage: ${0} {start|stop|status|restart}"
        ;;
esac

Voici le resultat iptables => iptables-save > mon fichier

Code Mon résultat de table :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# Generated by iptables-save v1.4.21 on Wed Oct  2 01:46:52 2019
*raw
:PREROUTING ACCEPT [9658:1154360]
:OUTPUT ACCEPT [5364:1018346]
COMMIT
# Completed on Wed Oct  2 01:46:52 2019
# Generated by iptables-save v1.4.21 on Wed Oct  2 01:46:52 2019
*mangle
:PREROUTING ACCEPT [9658:1154360]
:INPUT ACCEPT [5379:586928]
:FORWARD ACCEPT [4279:567432]
:OUTPUT ACCEPT [5364:1018346]
:POSTROUTING ACCEPT [9643:1585778]
COMMIT
# Completed on Wed Oct  2 01:46:52 2019
# Generated by iptables-save v1.4.21 on Wed Oct  2 01:46:52 2019
*filter
:INPUT DROP [1345:91679]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [72:5304]
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 10/sec -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9987 -j ACCEPT
-A INPUT -p udp -m udp --dport 9987 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10101 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 30303 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Oct  2 01:46:52 2019
# Generated by iptables-save v1.4.21 on Wed Oct  2 01:46:52 2019
*nat
:PREROUTING ACCEPT [382:45343]
:INPUT ACCEPT [41:2412]
:OUTPUT ACCEPT [61:4514]
:POSTROUTING ACCEPT [61:4514]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Oct  2 01:46:52 2019

lorsque j'exécute mon script, je n'arrives plus avec mon vpn à faire des recherches extérieurs ex. google.com n'est plus accessible.
Par contre lorsque j'execute mon script qu'ensuite j'enregistre les règles iptables iptables-save et qu'ensuite je le rechages iptables-load la cela fonctionnes. Pourquoi?
temps qu'on y est je veux bien un feedback sur mon script.
Merci

Probleme de règles IpTables

Réseau

Mode arborescent

Discussions similaires

Partager

Partager