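#!/bin/sh
# Minimal NAT gateway firewall.
#
# Policy: default-deny on INPUT, OUTPUT and FORWARD; accept inbound SSH;
# forward and masquerade traffic that the internal LAN (192.168.0.0/24)
# originates on INT towards EXT; log what the filter chains drop.
# The host itself cannot initiate connections: OUTPUT only passes replies
# (ESTABLISHED,RELATED), so DNS/updates from the gateway need a further rule.
#
# Must run as root. Safe to re-run: every table it writes to is flushed first
# (the original flushed only the filter chains, so each run appended one more
# MASQUERADE rule to the nat POSTROUTING chain).
set -eu

EXT="ens33"           # external (upstream) interface
INT="ens34"           # internal (LAN) interface
LAN="192.168.0.0/24"  # the only source network that is forwarded / NATed

# Flush filter chains and the nat chain this script populates.
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -t nat -F POSTROUTING

# Loopback: with INPUT/OUTPUT at DROP, local services (resolver, etc.)
# would otherwise stop talking to each other.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# ALLOW SSH
# Accept rules go in BEFORE the policies flip to DROP: if anything here
# fails under `set -e`, the script stops while the chains still accept,
# instead of locking the operator out of a remote box.
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -I OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# NAT
#iptables -t nat -A POSTROUTING -s "$LAN" -o "$EXT" -j MASQUERADE # If only this rule is kept, then, given a route into the network,
#traffic will get through around iptables
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate NEW -i "$INT" -s "$LAN" -j ACCEPT
iptables -t nat -A POSTROUTING -o "$EXT" -j MASQUERADE

# Default-deny only once the accept rules above are in place.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# LOG
# Rate-limited so a flood of rejected packets cannot fill the log; the
# FORWARD chain is logged too so dropped LAN traffic is visible as well.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "
iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT DROP: "
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FORWARD DROP: "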