setup/init-iptables.sh aktualisiert
This commit is contained in:
ageissler
@@ -1 +1,31 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
###############################################################
|
||||||
|
###
|
||||||
|
### iptables konfig
|
||||||
|
###
|
||||||
|
###############################################################
|
||||||
|
apt -y install iptables iptables-persistent
|
||||||
|
touch /etc/iptables/rules.v4
|
||||||
|
ln -s /etc/iptables/rules.v4 /etc/network/iptables.up.rules
|
||||||
|
echo '# Generated by install script
|
||||||
|
*filter
|
||||||
|
:INPUT DROP [0:0]
|
||||||
|
:FORWARD ACCEPT [0:0]
|
||||||
|
:OUTPUT ACCEPT [0:0]
|
||||||
|
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -m comment --comment "existing connections"
|
||||||
|
-A INPUT -d 127.0.0.0/8 -j ACCEPT -m comment --comment "connects to myself"
|
||||||
|
-A INPUT -p icmp -j ACCEPT -m comment --comment "allow ping"
|
||||||
|
-A INPUT -s 10.0.0.0/8 -j ACCEPT -m comment --comment "private sources"
|
||||||
|
-A INPUT -s 192.168.0.0/16 -j ACCEPT -m comment --comment "private sources"
|
||||||
|
-A INPUT -s 172.16.0.0/12 -j ACCEPT -m comment --comment "private sources"
|
||||||
|
-A INPUT -s 195.20.133.0/24 -j ACCEPT -m comment --comment "CONET sources"
|
||||||
|
-A INPUT -s 149.13.94.0/24 -j ACCEPT -m comment --comment "CONET sources"
|
||||||
|
-A INPUT -s 92.50.110.208/29 -j ACCEPT -m comment --comment "CONET sources"
|
||||||
|
-A INPUT -p tcp -m tcp --dport 22 -j DROP -m comment --comment "drop unknown ssh"
|
||||||
|
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables: " --log-level 7 -m comment --comment "log other traffic ..."
|
||||||
|
-A INPUT -j ACCEPT -m comment --comment "... and drop nothing, config not finished"
|
||||||
|
COMMIT
|
||||||
|
# Completed
|
||||||
|
' > /etc/iptables/rules.v4
|
||||||
|
iptables-apply
|
||||||
Reference in New Issue
Block a user