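#!/bin/sh -e
# Host firewall helper: "start" loads a default-deny iptables ruleset,
# "stop" tears it down (fail-open), "status"/"listen" show the current state.
#
# The script runs under "sh -e": any failing iptables command aborts it.
# In "start" the DROP policies are installed before the ACCEPT rules, so an
# aborted run leaves the host closed rather than open — work on the SSH rule
# from a console, or with a scheduled "stop" as a safety net.
BLUE='\033[1;34m'
GREEN='\033[1;32m'
RED='\033[1;31m'
WHITE='\033[0;39m'
YELLOW='\033[1;33m'

# say MSG — print MSG, interpreting the colour escapes defined above.
# printf(1) replaces "echo -e": "-e" is not POSIX and dash (the /bin/sh of
# Debian/Ubuntu) prints it literally instead of interpreting the escapes.
say() {
  printf '%b\n' "$1"
}

# require_root — iptables needs CAP_NET_ADMIN; fail before touching any
# table instead of aborting half way through the ruleset.
require_root() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "${0}: must be run as root" >&2
    exit 1
  fi
}

# fw_start — flush whatever is loaded, then install the default-deny ruleset.
fw_start() {
  say "${BLUE}**************${GREEN} Initializing Iptables... ${BLUE}**************${WHITE}"
  # Start from empty chains: without this, every "start" appended a second
  # copy of each rule (and of the nat REDIRECT), which also made "status"
  # hard to read.
  iptables -t filter -F
  iptables -t filter -X
  iptables -t nat -F
  iptables -t nat -X
  say "Loading basic rules [${GREEN} OK ${WHITE}]"
  ###################################>- FILTERING -<####################################
  #>- Global policy: set first so that an aborted run fails closed -<#
  iptables -t filter -P INPUT DROP
  iptables -t filter -P OUTPUT ACCEPT
  iptables -t filter -P FORWARD DROP
  #>- make the server pingable (echo-requests above the rate limit fall to the DROP policy) -<#
  iptables -t filter -A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/sec -j ACCEPT
  #>- allow local loopback connections -<#
  iptables -t filter -A INPUT -i lo -j ACCEPT
  #>- drop INVALID connections -<#
  # "-m conntrack --ctstate" is the current spelling of the deprecated
  # "-m state --state"; the OpenVPN rules below already use it.
  iptables -t filter -A INPUT -m conntrack --ctstate INVALID -j DROP
  iptables -t filter -A OUTPUT -m conntrack --ctstate INVALID -j DROP
  iptables -t filter -A FORWARD -m conntrack --ctstate INVALID -j DROP
  #>- allow all established and related -<#
  iptables -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  #>- allow access to services by opening ports -<#
  # Every rule below accepts from any source. Administrative interfaces
  # (the TeaSpeak query ports, Plex) are better limited to a trusted range
  # with "-s" or "-m iprange --src-range", as in the commented Plex example.
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT #OpenVPN
  #iptables -t filter -A INPUT -p udp -m udp --dport 22 -j ACCEPT #OpenVPN
  iptables -t filter -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT #ssh
  #iptables -t filter -A INPUT -p udp -m udp --dport 123 -j ACCEPT #OpenVPN
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT #WEB
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT #WEB
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 2020 -j ACCEPT #ts WEB
  iptables -t filter -A INPUT -p udp -m udp --dport 2020 -j ACCEPT #ts Cozy
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT #WASDspace
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 8112 -j ACCEPT #DELUGE
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 8123 -j ACCEPT #Minecraft - dynmap
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT #WEB ts
  iptables -t filter -A INPUT -p udp -m udp --dport 8888 -j ACCEPT #ts Default
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 9987 -j ACCEPT #WEB ts
  #iptables -t filter -A INPUT -p udp -m udp --dport 9987 -j ACCEPT #ts Default
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 9888 -j ACCEPT #WEB ts
  iptables -t filter -A INPUT -p udp -m udp --dport 9888 -j ACCEPT #ts TOZ
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 9988 -j ACCEPT #WEB ts
  iptables -t filter -A INPUT -p udp -m udp --dport 9988 -j ACCEPT #ts TOZ
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 9998 -j ACCEPT #WEB ts
  iptables -t filter -A INPUT -p udp -m udp --dport 9998 -j ACCEPT #ts LEX
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 9999 -j ACCEPT #WEB ts
  #iptables -t filter -A INPUT -p udp -m udp --dport 9999 -j ACCEPT #ts LEX
  iptables -t filter -A INPUT -p tcp -m tcp --dport 10101 -j ACCEPT #Query TeaSpeak
  iptables -t filter -A INPUT -p tcp -m tcp --dport 30303 -j ACCEPT #Query TeaSpeak
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 15685 -j ACCEPT #ts mahmoud
  iptables -t filter -A INPUT -p udp -m udp --dport 15685 -j ACCEPT #ts mahmoud
  iptables -t filter -A INPUT -p tcp -m tcp --dport 32400 -j ACCEPT #Plex
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 32400 -m iprange --src-range 10.8.0.1-10.8.255.255 -j ACCEPT #Plex
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 58913 -j ACCEPT #WEBPANELBOT
  #OpenVPN: let the tunnel subnet reach the outside through eth0 (NAT'ed).
  # Only NEW flows from 10.8.0.0/24 are forwarded; replies are matched by the
  # ESTABLISHED,RELATED rule (the "-I" copy below is redundant with the
  # FORWARD rule above and kept only to preserve the original rule set).
  iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
  iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  iptables -t nat -I POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
  #ACCEPT CONNECTION ONLY FROM
  #iptables -A INPUT -p tcp --dport 80 -s 10.8.0.2 -j ACCEPT #HTTP
  #iptables -A INPUT -p tcp --dport 443 -s 10.8.0.2 -j ACCEPT #HTTPS
  #iptables -A INPUT -p tcp --dport 8112 -s 10.8.0.2 -j ACCEPT #DELUGE
  #port redirection: external udp/9999 is delivered to the local udp/9998 listener
  iptables -t nat -A PREROUTING -i eth0 -p udp --dport 9999 -j REDIRECT --to-port 9998
  #DROPPED IPs: inserted at the head of INPUT so they win over every ACCEPT above
  iptables -I INPUT -s 46.105.112.65 -j DROP #Teamspeak - Blacklist
  iptables -I INPUT -s 222.186.190.92 -j DROP #Brute force tentative
  ######################################################################################################
  say "${BLUE}*********${GREEN} Iptables successfully initialized ! ${BLUE}********${WHITE}"
}

# fw_stop — open the policies, then flush every table and zero the counters.
fw_stop() {
  say "${YELLOW}***************${RED} Disabling Iptables... ${YELLOW}****************${WHITE}"
  ###########################>- CLEANING -<############################
  # Policies go to ACCEPT before the flush so that no packet is dropped
  # while the chains are empty ("stop" is meant to fail open).
  say "Setting default policy to ACCEPT [${RED} OK ${WHITE}]"
  iptables -t filter -P INPUT ACCEPT
  iptables -t filter -P OUTPUT ACCEPT
  iptables -t filter -P FORWARD ACCEPT
  # Flush all tables, delete user chains and zero the packet/byte counters
  # (the original only flushed; "-Z" makes the comment true).
  say "Flushing configuration [${RED} OK ${WHITE}]"
  iptables -t nat -F
  iptables -t nat -X
  iptables -t mangle -F
  iptables -t mangle -X
  iptables -F
  iptables -X
  iptables -Z
  #####################################################################
  say "${YELLOW}***********${RED} Iptables successfuly disabled ! ${YELLOW}**********${WHITE}"
}

# fw_status — list the filter and nat tables with counters and rule numbers.
fw_status() {
  iptables -nvL --line-numbers
  iptables -t nat -nvL --line-numbers
}

# fw_listen — show TCP sockets with their owning process.
# "-a" is added to the original "-ntp": without it only established
# connections were printed, not the listening sockets the subcommand name
# promises.
fw_listen() {
  netstat -natp
}

case "$1" in
'start')
  require_root
  fw_start
  ;;
'stop')
  require_root
  fw_stop
  ;;
'status')
  require_root
  fw_status
  ;;
'listen')
  fw_listen
  ;;
'restart')
  # Runs in-process instead of re-executing "$0" through bash, so the
  # shebang's interpreter and "-e" apply to both halves.
  require_root
  fw_stop
  fw_start
  echo "restart compleat"
  ;;
*)
  echo "Usage: ${0} {start|stop|status|listen|restart}" >&2
  exit 1
  ;;
esac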