API tools faq
paste
Advertisement
D0cEvil

iptables - пример исполнения конфигурационного файла

D0cEvil
Dec 6th, 2022 (edited)
106
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.73 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. #Iptables - пример исполнения конфигурационного файла
  2. #ps: камрад Pashutik, если ты это читаешь, пасиб за идейку с функциями
  3.  
  4. #!/bin/bash
  5.  
  6. fw_setup () {
  7.     lan_ip="192.168.100.0/24";
  8.     lan_int="enp0s3";
  9.     dns_ip="8.8.8.8"
  10. }
  11.  
  12. fw_clean () {
  13.     iptables -F;
  14.     iptables -X;
  15.     iptables -t nat -F;
  16.     iptables -t nat -X;
  17.     iptables -t mangle -F;
  18.     iptables -t mangle -X;
  19.     echo "Rules flushed...";
  20. }
  21. fw_policy () {
  22.     iptables -P INPUT DROP;
  23.     iptables -P FORWARD DROP;
  24.     iptables -P OUTPUT DROP;
  25.     echo "Set default Policy...";
  26. }
  27. fw_loopback () {
  28.     iptables -A INPUT -i lo -j ACCEPT;
  29.     iptables -A OUTPUT -o lo -j ACCEPT;
  30. }
  31. fw_sesions () {
  32.     iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT;
  33.     iptables -A OUTPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT;
  34. }
  35. fw_attack () {
  36.     # Block zero-packets
  37.     iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP;
  38.     # Block XMAS
  39.     iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP;
  40.     # Block syn-flood
  41.     iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP;
  42. }
  43. fw_services () {
  44.     #
  45.     ###### INCOMING ######
  46.     #
  47.     # SSH
  48.     iptables -A INPUT -s $lan_ip -p tcp --dport 22 -j ACCEPT;
  49.     # HTTP
  50.     iptables -A INPUT -p tcp --dport 80 -j ACCEPT;
  51.     # HTTPS
  52.     iptables -A INPUT -p tcp --dport 443 -j ACCEPT;
  53.     # ICMP
  54.     iptables -A INPUT -p icmp -j ACCEPT;
  55.     #
  56.     #
  57.     ###### OUTGOING ######
  58.     #
  59.     #
  60.     # DNS requests
  61.     iptables -A OUTPUT -d $dns_ip -p udp --dport 53 -j ACCEPT;
  62.     # ICMP
  63.     iptables -A OUTPUT -p icmp -j ACCEPT;
  64.     # System updates
  65.     iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT;
  66.     iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT;
  67.     #
  68.     echo "All services configured...";
  69. }
  70. fw_undefined () {
  71.     iptables -N undef_in;
  72.     iptables -N undef_fw;
  73.     iptables -N undef_out;
  74.     iptables -A INPUT -j undef_in;
  75.     iptables -A FORWARD -j undef_fw;
  76.     iptables -A OUTPUT -j undef_out;
  77. }
  78. fw_logging () {
  79.     iptables -A undef_in -j LOG --log-level 7 --log-prefix "Iptables: DROP INPUT ";
  80.     iptables -A undef_in -j DROP;
  81.     iptables -A undef_fw -j LOG --log-level 7 --log-prefix "Iptables: DROP FORWARD ";
  82.     iptables -A undef_fw -j DROP;
  83.     iptables -A undef_out -j LOG --log-level 7 --log-prefix "Iptables: DROP OUTPUT ";
  84.     iptables -A undef_out -j DROP;
  85. }
  86. fw_save_rules () {
  87.     /sbin/service iptables save;
  88.     echo "New rules saved";
  89. }
  90. fw_config () {
  91.     fw_setup;
  92.     fw_clean;
  93.     fw_policy;
  94.     fw_loopback;
  95.     fw_sesions;
  96.     fw_attack;
  97.     fw_services;
  98.     fw_undefined;
  99.     fw_logging;
  100.     fw_save_rules;
  101. }
  102.  
  103. fw_config
  104.  
  105. exit
Tags: BASH iptables
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!