Differences

This shows you the differences between two versions of the page.

--- iptables:basic_firewall [2016/11/10 15:57] – peter
+++ iptables:basic_firewall [2019/11/29 16:38] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== IPTables - Basic Firewall ======
-<code bash>
-# Generated by iptables-save v1.4.2 on Wed Jun 10 19:58:15 2009
-*filter
-:INPUT ACCEPT [5193:1520500]
-:FORWARD DROP [11:676]
-:OUTPUT ACCEPT [3509:357891]
--A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
--A FORWARD -p udp -m udp --dport 53 -j ACCEPT
--A FORWARD -i eth1 -o eth1 -j ACCEPT
--A FORWARD -s 192.168.1.120/32 -p tcp -m tcp --dport 443 -j ACCEPT
--A FORWARD -s 192.168.1.120/32 -p tcp -m tcp --dport 80 -j ACCEPT
--A FORWARD -j REJECT --reject-with icmp-port-unreachable
-COMMIT
-# Completed on Wed Jun 10 19:58:15 2009
-# Generated by iptables-save v1.4.2 on Wed Jun 10 19:58:15 2009
-*nat
-:PREROUTING ACCEPT [57513:4794059]
-:POSTROUTING ACCEPT [28:2022]
-:OUTPUT ACCEPT [14:922]
--A PREROUTING -s ! 192.168.1.120/32 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.120:8080
--A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.0.2.100
--A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.120/32 -o eth1 -j SNAT --to-source 192.168.1.1
-COMMIT
-# Completed on Wed Jun 10 19:58:15 2009
-</code>
-<code bash>
-#!/bin/bash
-  echo 1 > /proc/sys/net/ipv4/ip_forward
-  modprobe nf_conntrack_ftp
-  modprobe nf_nat_ftp
-  iptables -F
-  iptables -t nat -F
-  iptables -A INPUT -i lo -j ACCEPT
-  iptables -A INPUT -i eth1 -j ACCEPT
-  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-  iptables -A INPUT -p tcp --dport 22 -j ACCEPT
-  iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to-source 10.0.2.100
-  iptables -t nat -A PREROUTING -d 10.0.2.100 -p tcp --dport 1001 -j DNAT --to-destination 192.168.2.121:22
-  iptables -P INPUT DROP
-</code>
-<code bash>
-#!/bin/sh
-iptables -F INPUT
-iptables -P INPUT DROP
-iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-iptables -A INPUT -i lo -j ACCEPT
-iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
-#iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-#iptables -A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
-iptables -A INPUT -m state --state NEW -p udp --dport 67 -j ACCEPT
-iptables -A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
-iptables -A INPUT -m state --state NEW -p icmp --icmp-type echo-request -j ACCEPT
-iptables -t nat -F POSTROUTING
-iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to-source 10.0.3.100
-#iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
-iptables -F FORWARD
-iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 80 -j ACCEPT
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 443 -j ACCEPT
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p udp --dport 53 -j ACCEPT
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p udp --dport 500 -j ACCEPT
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p udp --dport 4500 -j ACCEPT
-#iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p esp -j ACCEPT
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p icmp --icmp-type echo-request -j ACCEPT
-iptables -A FORWARD -i eth0 -o eth0 -j ACCEPT
-iptables -A FORWARD -j REJECT
-</code>