D0cEvil

iptables - NAT SSH

Sep 23rd, 2022 (edited)
Bash 0.87 KB | Cybersecurity
#!/bin/sh
# NAT gateway with SSH access. $EXT faces the outside (uplink), $INT faces the LAN.
EXT="ens33"
INT="ens34"
LAN="192.168.0.0/24"

# Forwarding is off by default; without this the FORWARD chain never sees a packet.
sysctl -w net.ipv4.ip_forward=1

iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -t nat -F POSTROUTING

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Loopback: local services (resolver, syslog, etc.) break without it.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# ALLOW SSH

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# NAT

# Do not rely on the MASQUERADE rule alone: if it is the only rule and the FORWARD
# policy is ACCEPT (the default on most distributions), any host with a route into
# the LAN gets through without passing a single iptables check. The FORWARD rules
# below, together with the DROP policy set above, are what actually restrict
# forwarded traffic.
#iptables -t nat -A POSTROUTING -s $LAN -o $EXT -j MASQUERADE

iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate NEW -i $INT -s $LAN -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT -j MASQUERADE

# LOG

# Last rule in each chain: whatever reaches it is about to hit the DROP policy.
# The limit match keeps a flood from filling the log.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "
iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "OUTPUT DROP: "
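The NAT comment in the script warns that a MASQUERADE rule on its own, with a FORWARD chain that accepts by default, lets routed traffic bypass the filter entirely. The audit script below is an added example, not part of the original paste: it takes an `iptables-save` dump and flags exactly that condition, MASQUERADE present in nat/POSTROUTING while the filter FORWARD chain is not default-deny or contains an ACCEPT rule with no restricting match. The three dumps embedded in it are constructed samples (the interface names ens33/ens34 and the 192.168.0.0/24 LAN are taken from the script); the function names `forward_policy` and `check_forward_nat` are assumptions of this example.

```shell
#!/bin/sh
# Added audit example, not part of the original paste. Given an iptables-save
# dump, flag the pitfall the gateway script's NAT comment warns about:
# MASQUERADE in nat/POSTROUTING while filter/FORWARD would pass traffic that
# no rule inspects (ACCEPT policy, or an ACCEPT rule without any match).
# All three dumps are constructed samples; interface names follow the script.

# Constructed dump 1: MASQUERADE only, FORWARD policy left at ACCEPT.
UNSAFE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ens33 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed dump 2: what the gateway script produces (FORWARD DROP plus
# conntrack rules that only admit NEW flows arriving on the LAN interface).
SAFE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens33 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -i ens34 -m conntrack --ctstate NEW -j ACCEPT
COMMIT'

# Constructed dump 3: DROP policy, but an ACCEPT rule with no match at all,
# which is equivalent to an ACCEPT policy.
OPEN_RULE_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens33 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -j ACCEPT
COMMIT'

# forward_policy DUMP: print the filter-table FORWARD policy (empty if absent).
forward_policy() {
    printf '%s\n' "$1" | awk '/^\*filter/ {f=1} f && /^:FORWARD / {print $2; exit}'
}

# check_forward_nat DUMP: print findings; return 0 when safe, 1 when unsafe.
check_forward_nat() {
    dump="$1"
    status=0
    # Only a NAT gateway can have the problem at all.
    if ! printf '%s\n' "$dump" | grep -q -e '-j MASQUERADE'; then
        echo "OK: no MASQUERADE rule, nothing to check"
        return 0
    fi
    policy=$(forward_policy "$dump")
    if [ "$policy" != "DROP" ]; then
        echo "UNSAFE: MASQUERADE present but FORWARD policy is ${policy:-unset}"
        status=1
    fi
    # ACCEPT rules in FORWARD that neither restrict source/ingress interface
    # nor are limited to reply traffic let any routed packet through.
    open_rules=$(printf '%s\n' "$dump" | grep -e '^-A FORWARD ' | grep -e '-j ACCEPT' \
        | grep -v -e ' -s ' -e ' -i ' -e 'ESTABLISHED' || true)
    if [ -n "$open_rules" ]; then
        echo "UNSAFE: unrestricted FORWARD accept rule(s):"
        printf '  %s\n' "$open_rules"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: FORWARD is default-deny and every ACCEPT is restricted"
    return "$status"
}

# Run the three constructed samples when executed directly.
for name in UNSAFE_DUMP SAFE_DUMP OPEN_RULE_DUMP; do
    echo "== $name =="
    eval "check_forward_nat \"\$$name\" || true"
done
```

On a live gateway, run it against the real ruleset with `check_forward_nat "$(iptables-save)"` (as root). The check is deliberately conservative: an ACCEPT rule that carries a `-s` or `-i` match is treated as restricted even if the match is loose, so review anything it reports as OK rather than trusting it blindly.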