
Ubuntu - iptables - Basic Firewall

# Generated by iptables-save v1.4.2 on Wed Jun 10 19:58:15 2009
# Saved ruleset for a two-interface gateway (LAN side eth1, uplink eth0).
# Each ":CHAIN POLICY [packets:bytes]" line is the chain's default policy
# plus the counters at save time; only FORWARD defaults to DROP here, INPUT
# and OUTPUT are wide open and rely on rules elsewhere (none in this dump).
*filter
:INPUT ACCEPT [5193:1520500]
:FORWARD DROP [11:676]
:OUTPUT ACCEPT [3509:357891]
# Forwarding is allowed for: replies/related packets of existing flows,
# DNS over UDP from any source, traffic that stays on eth1, and HTTP/HTTPS
# originated by 192.168.1.120 only. Rule order matters: the final REJECT
# answers everything not matched above with ICMP port-unreachable instead
# of silently dropping (the DROP policy is never reached while it is there).
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i eth1 -o eth1 -j ACCEPT
-A FORWARD -s 192.168.1.120/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -s 192.168.1.120/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Jun 10 19:58:15 2009
# Generated by iptables-save v1.4.2 on Wed Jun 10 19:58:15 2009
*nat
:PREROUTING ACCEPT [57513:4794059]
:POSTROUTING ACCEPT [28:2022]
:OUTPUT ACCEPT [14:922]
# PREROUTING: port-80 traffic arriving on eth1 from every host except
# 192.168.1.120 is redirected to 192.168.1.120:8080 (presumably a proxy on
# that host — confirm). NOTE(review): "-s ! addr" is the old intrapositioned
# negation form emitted by this iptables version; newer releases expect
# "! -s addr" and may warn or refuse it — verify before iptables-restore.
-A PREROUTING -s ! 192.168.1.120/32 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.120:8080
# POSTROUTING: the LAN leaves eth0 with the uplink address 10.0.2.100; LAN
# traffic sent back out eth1 towards 192.168.1.120 is rewritten to come from
# 192.168.1.1, which looks like a hairpin so .120's replies return via this
# box rather than directly to the LAN client — confirm against the topology.
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.0.2.100
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.120/32 -o eth1 -j SNAT --to-source 192.168.1.1
COMMIT
# Completed on Wed Jun 10 19:58:15 2009

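#!/bin/bash
# NAT gateway: LAN 192.168.2.0/24 behind uplink address 10.0.2.100 on eth0,
# LAN interface eth1. Must run as root.
#
# Host-side policy (INPUT): loopback, anything arriving on the LAN
# interface, replies to existing flows and SSH are accepted; the rest is
# dropped by the policy set at the end.
#
# Forwarding: the original script enabled ip_forward but never touched the
# FORWARD chain, so with the kernel default policy of ACCEPT the box would
# route anything presented to it. The FORWARD rules below limit that to
# LAN->uplink flows, their replies, and the SSH connections published by the
# DNAT rule.
#
# A failing command aborts before the default policies are changed, so a
# partial run leaves the previous policies in place rather than an open
# chain.
set -eu

readonly LAN_IF=eth1
readonly WAN_IF=eth0
readonly LAN_NET=192.168.2.0/24
readonly WAN_ADDR=10.0.2.100
readonly SSH_TARGET=192.168.2.121

echo 1 > /proc/sys/net/ipv4/ip_forward
# Connection-tracking helpers so FTP data channels count as RELATED (and are
# NATed correctly); a missing module aborts the script before any rule moves.
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp

# Start from empty rule lists in both tables (policies are untouched by -F).
iptables -F
iptables -t nat -F

# INPUT: traffic addressed to this host.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i "$LAN_IF" -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# NAT: hide the LAN behind the uplink address, and publish the LAN host's
# SSH on uplink port 1001.
iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j SNAT --to-source "$WAN_ADDR"
iptables -t nat -A PREROUTING -d "$WAN_ADDR" -p tcp --dport 1001 -j DNAT --to-destination "$SSH_TARGET:22"

# FORWARD: existing flows, new LAN->uplink flows, and the DNAT'd SSH
# connections (after PREROUTING their destination is already SSH_TARGET:22).
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -m state --state NEW -j ACCEPT
iptables -A FORWARD -d "$SSH_TARGET" -p tcp --dport 22 -m state --state NEW -j ACCEPT

# Default policies last, once every accept rule is in place, so an existing
# admin session is never caught between a DROP policy and its accept rule.
iptables -P INPUT DROP
iptables -P FORWARD DROP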

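#!/bin/sh
# Stateful firewall + NAT gateway: LAN 192.168.1.0/24 on eth0, uplink eth1
# with address 10.0.3.100. Must run as root; POSIX sh only.
#
# Ordering is deliberate: INPUT is flushed and set to DROP *before* the
# accept rules are added, so a failure part-way through (set -e) leaves the
# host closed rather than open. An existing admin SSH session only sees a
# momentary gap until the ESTABLISHED rule is appended a line later.
set -eu

iptables -F INPUT
iptables -P INPUT DROP
# Host-side: existing flows, loopback, SSH, DHCP server port (udp/67), FTP
# control and ping. NOTE(review): FTP data channels are only classified as
# RELATED when the nf_conntrack_ftp helper is loaded, and this script does
# not load it — confirm it is loaded elsewhere or passive FTP will stall.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
#iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
#iptables -A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -m state --state NEW -p udp --dport 67 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -m state --state NEW -p icmp --icmp-type echo-request -j ACCEPT

# Source NAT for the LAN leaving via the uplink. SNAT needs the static uplink
# address; the commented MASQUERADE variant is for a dynamic one.
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to-source 10.0.3.100
#iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE

# Forwarding: the LAN may open HTTP/HTTPS, DNS, IKE and NAT-T (udp 500/4500)
# and ping; traffic staying on eth0 is passed; everything else is rejected.
# The DROP policy is a backstop so removing the final REJECT rule can never
# turn the gateway into an open router.
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p udp --dport 500 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p udp --dport 4500 -j ACCEPT
#iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p esp -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -p icmp --icmp-type echo-request -j ACCEPT
iptables -A FORWARD -i eth0 -o eth0 -j ACCEPT

iptables -A FORWARD -j REJECT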