iptables:basic_firewall

iptables:basic_firewall [2016/11/10 15:57] peter
iptables:basic_firewall [2019/11/29 16:38] (current) – removed peter
Line 1: Line 1:
-====== IPTables - Basic Firewall ====== 
  
-<code bash> 
-# Generated by iptables-save v1.4.2 on Wed Jun 10 19:58:15 2009 
-*filter 
-:INPUT ACCEPT [5193:1520500] 
-:FORWARD DROP [11:676] 
-:OUTPUT ACCEPT [3509:357891] 
--A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
--A FORWARD -p udp -m udp --dport 53 -j ACCEPT 
--A FORWARD -i eth1 -o eth1 -j ACCEPT 
--A FORWARD -s 192.168.1.120/32 -p tcp -m tcp --dport 443 -j ACCEPT 
--A FORWARD -s 192.168.1.120/32 -p tcp -m tcp --dport 80 -j ACCEPT 
--A FORWARD -j REJECT --reject-with icmp-port-unreachable 
-COMMIT 
-# Completed on Wed Jun 10 19:58:15 2009 
-# Generated by iptables-save v1.4.2 on Wed Jun 10 19:58:15 2009 
-*nat 
-:PREROUTING ACCEPT [57513:4794059] 
-:POSTROUTING ACCEPT [28:2022] 
-:OUTPUT ACCEPT [14:922] 
--A PREROUTING -s ! 192.168.1.120/32 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.120:8080 
--A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.0.2.100 
--A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.120/32 -o eth1 -j SNAT --to-source 192.168.1.1 
-COMMIT 
-# Completed on Wed Jun 10 19:58:15 2009 
-</code> 
- 
-<code bash> 
-#!/bin/bash 
-  
-  echo 1 > /proc/sys/net/ipv4/ip_forward 
-  modprobe nf_conntrack_ftp 
-  modprobe nf_nat_ftp 
-  
-  iptables -F 
-  iptables -t nat -F 
-  iptables -A INPUT -i lo -j ACCEPT 
-  iptables -A INPUT -i eth1 -j ACCEPT 
-  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
-  iptables -A INPUT -p tcp --dport 22 -j ACCEPT 
-  iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to-source 10.0.2.100 
-  iptables -t nat -A PREROUTING -d 10.0.2.100 -p tcp --dport 1001 -j DNAT --to-destination 192.168.2.121:22 
-  iptables -P INPUT DROP 
-</code> 
- 
-<code bash> 
-#!/bin/sh 
-iptables -F INPUT 
-iptables -P INPUT DROP 
-iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
-iptables -A INPUT -i lo -j ACCEPT 
-iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT 
-#iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT 
-#iptables -A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT 
-iptables -A INPUT -m state --state NEW -p udp --dport 67 -j ACCEPT 
-iptables -A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT 
-iptables -A INPUT -m state --state NEW -p icmp --icmp-type echo-request -j ACCEPT 
-  
-iptables -t nat -F POSTROUTING 
-iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to-source 10.0.3.100  
-#iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE 
-  
-iptables -F FORWARD 
-iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT 
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 80 -j ACCEPT 
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 443 -j ACCEPT 
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p udp --dport 53 -j ACCEPT 
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p udp --dport 500 -j ACCEPT 
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p udp --dport 4500 -j ACCEPT 
-#iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p esp -j ACCEPT 
-iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p icmp --icmp-type echo-request -j ACCEPT 
-iptables -A FORWARD -i eth0 -o eth0 -j ACCEPT 
-  
-iptables -A FORWARD -j REJECT 
-</code>   
iptables/basic_firewall.1478793432.txt.gz · Last modified: 2020/07/15 09:30 (external edit)