iptables -tasso (in the sense that I can't manage this)


Tass O Mann
18-07-2003, 00:45
#!/bin/sh

echo "#############################################################"
echo "####   F i r e w a l l   d e l   T a s s o m a n !     ####"
echo "####   O t t i m i z z a t o   p e r   F a s t w e b !  ####"
echo "#### ####"
echo "#### 0) Svuoto le iptables ####"
iptables --flush
iptables --zero
iptables --delete-chain

echo "#### 1) Attivo NAT e FORWARDING ####"
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

echo "#### 7) Permetto la fagiolata interna (eth1) ####"
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT

echo "#### 2) BLOCCO TUTTO ####"
iptables -P INPUT DROP
iptables -P FORWARD DROP

#echo "#### 3) Blocco le connessioni new o invalide (opzionale) ####"
#iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
#iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP

echo "#### 4) CONSENTO LE CONNEX ATTIVE ####"
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset

echo "#### 5) Consento il loopback ####"
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

echo "#### 6) Attivo i servizi ####"
echo "#### Web: 80 ####"
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
echo "#### Shoutcast: 8000 ####"
iptables -A INPUT -p tcp --dport 8000 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 8000 -i eth0 -j ACCEPT
echo "#### Ftp: 21 ####"
iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT
echo "#### ####"
echo "#### FINE ####"
echo "#############################################################"


In your opinion, what's wrong with it? :scratch:
It looks nice to me.. and secure! :gha:

So secure that I can't get out :silly:

Comments? Proposals? Offences? Advice? Insults? :look:

(oh, I forgot: eth0=WAN eth1=LAN)
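An added example, not the script from the post: the same ruleset with the one rule the posted script lacks, a stateful return-path rule on FORWARD (with policy DROP and only `-i eth1 -j ACCEPT`, every reply arriving on eth0 for a LAN host is dropped). It assumes eth0=WAN and eth1=LAN as stated, and that the symptom is LAN hosts getting no replies; the `ipt` wrapper and `IPT` dry-run variable are mine.

```shell
#!/bin/sh
# Added example (not the script from the post): the same ruleset with the
# stateful FORWARD rule the posted script is missing. With FORWARD policy
# DROP and only "-i eth1 -j ACCEPT", replies arriving on eth0 for LAN hosts
# are dropped. Assumes eth0=WAN and eth1=LAN as stated in the post.
# Set IPT="echo iptables" to print the commands instead of applying them.
WAN=eth0
LAN=eth1

ipt() { ${IPT:-iptables} "$@"; }

fw_apply() {
    # 0) flush, then set DROP policies before any ACCEPT rule is added
    ipt -F; ipt -X; ipt -Z
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # loopback
    ipt -A INPUT -i lo -j ACCEPT
    # replies to connections the firewall itself opened
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # unknown TCP packets without an MSS option (not a real SYN) get a reset,
    # as in the original; same rule, with the "!" where current iptables
    # expects it
    ipt -A INPUT -p tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset
    # everything from the LAN side is trusted
    ipt -A INPUT -i "$LAN" -j ACCEPT

    # services exposed on the WAN side (FTP control is TCP only: the udp/21
    # rule in the post matches nothing, and FTP data channels are seen as
    # RELATED only with the ftp conntrack helper loaded)
    for p in 80 8000 21; do ipt -A INPUT -i "$WAN" -p tcp --dport "$p" -j ACCEPT; done
    ipt -A INPUT -i "$WAN" -p udp --dport 8000 -j ACCEPT

    # NAT for the LAN, plus the missing return path: replies coming in on
    # the WAN side for conntrack-known flows are forwarded back to the LAN
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    ipt -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    ipt -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # only touch the kernel when really applying (skipped in dry-run)
    [ -n "$IPT" ] || echo 1 > /proc/sys/net/ipv4/ip_forward
}
```

`iptables -L FORWARD -v -n` shows per-rule counters and, in the chain header, the packets dropped by the chain policy; with the posted rules that policy counter grows with every reply the LAN never receives.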