linux/iptables-basic at master · scolomar/linux · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
#!/bin/sh

local=127.0.0.1/32

for x in filter nat mangle raw;do for y in F X Z;do iptables -t $x -$y;done;done
case $1 in stop) for x in INPUT OUTPUT FORWARD;do iptables -P $x ACCEPT;iptables -A $x -j ACCEPT;done;exit 0;;esac

for x in INPUT OUTPUT FORWARD;do iptables -P $x DROP;done

for x in INPUT OUTPUT;do iptables -A $x -s $local -d $local -j ACCEPT;done

iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT;iptables -A OUTPUT -p tcp -m tcp --sport 22 -m state --state RELATED,ESTABLISHED -j ACCEPT

for x in 22 37 53 80 123 443;do iptables -A INPUT -p tcp -m tcp --sport $x -m state --state RELATED,ESTABLISHED -j ACCEPT;iptables -A OUTPUT -p tcp -m tcp --dport $x -j ACCEPT;done

for x in 53 123;do iptables -A INPUT -p udp -m udp --sport $x -m state --state RELATED,ESTABLISHED -j ACCEPT;iptables -A OUTPUT -p udp -m udp --dport $x -j ACCEPT;done

for x in INPUT OUTPUT FORWARD;do iptables -A $x -j LOG;done
for x in INPUT OUTPUT FORWARD;do iptables -A $x -j DROP;done