#!/bin/bash

#######################################
# Reset the firewall to a fully open state.
# Sets the default policy of the INPUT, FORWARD and OUTPUT chains to ACCEPT,
# flushes every rule in the nat and filter tables, deletes user-defined
# chains in the filter table, and prints the resulting filter table.
# After this runs the host filters nothing, and the NAT and port-forward
# rules installed by func_apply are gone.
# Only the nat and filter tables are touched; other tables and any
# user-defined chains inside nat are left as they were.
# Arguments: none
# Outputs:   the `iptables -L` listing on stdout
#######################################
func_erase () {
  local ipt=/usr/sbin/iptables
  local chain

  # Default policies: accept everything on the three built-in chains.
  for chain in INPUT FORWARD OUTPUT; do
    "$ipt" -P "$chain" ACCEPT
  done

  # Flush the rules of the nat table, then of the filter table (the default
  # table when -t is not given), then drop user-defined filter chains.
  "$ipt" -t nat -F
  "$ipt" -F
  "$ipt" -X

  # Show what the firewall looks like now.
  "$ipt" -L
}
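#######################################
# Install the NAT and port-forwarding rules.
# enp0s3 is the interface that is masqueraded and that receives the
# forwarded ports; enp0s8 is the side where 190.0.0.4 and 190.0.0.15 live.
#
# Review notes:
#  * The rules are appended (-A), so calling this twice duplicates them;
#    run the "erase" action first.
#  * No FORWARD policy is set here. While the policy is ACCEPT (which is
#    what func_erase leaves behind) the ACCEPT rules below restrict nothing;
#    they only act as an allow-list once FORWARD defaults to DROP.
#  * Kernel forwarding (net.ipv4.ip_forward) is not enabled by this function.
#  * The SSH and HTTP forwards accept any source address; add a -s match
#    if only known networks should reach them.
# Arguments: none
# Outputs:   the `iptables -L` listing on stdout
#######################################
func_apply () {
  local ipt=/usr/sbin/iptables
  local outer_if=enp0s3
  local inner_if=enp0s8

  # NAT: let the inner side out, allow only reply traffic back in, and
  # rewrite the source address of outgoing packets.
  "$ipt" -A FORWARD -i "$inner_if" -o "$outer_if" -j ACCEPT
  "$ipt" -A FORWARD -i "$outer_if" -o "$inner_if" -m state --state ESTABLISHED,RELATED -j ACCEPT
  "$ipt" -t nat -A POSTROUTING -o "$outer_if" -j MASQUERADE

  # DNAT happens in PREROUTING, before the filter table sees the packet, so
  # each FORWARD rule must match the translated destination address and
  # port. Matching the original external port (2022/3022) never hits.

  # SSH forward: external port 2022 -> 190.0.0.4:22
  "$ipt" -t nat -A PREROUTING -i "$outer_if" -p tcp --dport 2022 -j DNAT --to-destination 190.0.0.4:22
  "$ipt" -A FORWARD -i "$outer_if" -o "$inner_if" -p tcp -d 190.0.0.4 --dport 22 -j ACCEPT

  # SSH forward: external port 3022 -> 190.0.0.15:22
  "$ipt" -t nat -A PREROUTING -i "$outer_if" -p tcp --dport 3022 -j DNAT --to-destination 190.0.0.15:22
  "$ipt" -A FORWARD -i "$outer_if" -o "$inner_if" -p tcp -d 190.0.0.15 --dport 22 -j ACCEPT

  # HTTP forward: external port 80 -> 190.0.0.4:80
  "$ipt" -t nat -A PREROUTING -i "$outer_if" -p tcp --dport 80 -j DNAT --to-destination 190.0.0.4:80
  "$ipt" -A FORWARD -i "$outer_if" -o "$inner_if" -p tcp -d 190.0.0.4 --dport 80 -j ACCEPT

  # Show the current state of the filter table.
  "$ipt" -L
}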
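# Command-line dispatch: the first argument names the action to run.
# Every action calls iptables, so the script needs to run with the
# privileges iptables requires.
argumento=${1:-}
case "$argumento" in
  erase)
    func_erase
    ;;
  apply)
    func_apply
    ;;
  export)
    # Print the current ruleset in iptables-save format on stdout.
    /usr/sbin/iptables-save
    ;;
  *)
    # Missing or unknown action: usage goes to stderr and the exit status is
    # non-zero, so a caller does not mistake a typo for a successful run.
    printf '\nModo de uso:\n\t%s erase|apply|export\n\n' "$0" >&2
    exit 2
    ;;
esac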