
Network Security Rules

   

Added on  2019-09-30

#!/bin/bash
#
# Interfaces, IP addresses and networks
#
INET_IF=eth1
LAN_IF=eth0
LAN=192.168.19.0/24
Yosie=192.168.19.1
Whitey=192.168.19.2
Nounours=192.168.19.4
Steve=202.12.89.8/29
Amsat=130.226.195.220
Omicron=130.226.195.126
IPv6_Endpoint=64.71.128.80/29
known_mac=00:04:23:64:5f:2c
#
iptables=/sbin/iptables
rcnetwork=/etc/init.d/net.$INET_IF
#
# Ports
#
NETBIOS=135,137,138,139,445,1025
DHCP=bootpc
VoIP=3478,5060,8000,8001,4569,4520
# stun sip rtp rtcp IAX2 DUNDi
Bittorrent=6881:6889
#
# Stop the external IF while doing this
#
$rcnetwork stop
#
# Clear possible old rules and chains
#
$iptables -F
$iptables -F -t nat
$iptables -X
#
# Create the log-and-drop chain
#
$iptables -N LogAndDrop
$iptables -A LogAndDrop -j LOG --log-prefix 'kernel: '
$iptables -A LogAndDrop -j DROP
#
# Chain for incoming ICMP
#
$iptables -N ICMP-in
$iptables -A ICMP-in -p icmp --icmp-type echo-request -s $IPv6_Endpoint -j ACCEPT
$iptables -A ICMP-in -p icmp --icmp-type echo-request -j DROP
$iptables -A ICMP-in -p icmp \
    --icmp-type destination-unreachable -j ACCEPT
$iptables -A ICMP-in -p icmp \
    --icmp-type source-quench -j ACCEPT
$iptables -A ICMP-in -p icmp \
    --icmp-type time-exceeded -j ACCEPT
$iptables -A ICMP-in -p icmp \
    --icmp-type parameter-problem -j ACCEPT
$iptables -A ICMP-in -j DROP
#
# INPUT chain
#
# Accept established traffic and traffic from inside