Edit history
Edit by rumgot, (current version):
Here is my script for setting up iptables rules:
#!/bin/bash
# ip4 #############
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
# allow all input!
#iptables -P INPUT ACCEPT
#iptables -P FORWARD ACCEPT
# allow all outgoing packets
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# accept established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ssh ####
iptables -A INPUT -p tcp --dport 12345 -j ACCEPT
# icmp ####
iptables -A INPUT -p icmp -j ACCEPT
# samba ####
# iptables -A INPUT -p tcp -m multiport --destination-port 139,445 -j ACCEPT
# ip4 #############
###################
# ipv6 ############
ip6tables -F
# nat table doesn't exist
#ip6tables -t nat -F
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
# allow all input!
#ip6tables -P INPUT ACCEPT
#ip6tables -P FORWARD ACCEPT
# allow all outgoing packets
ip6tables -P OUTPUT ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p tcp --dport 12345 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
# ipv6 ############
###################
# save rules ######
# iptables-persistent service restores rules at boot time
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
# save rules ######
Original version by rumgot, :
Here is my script for setting up iptables rules:
#!/bin/bash
# ipv4 #############
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
# allow all outgoing packets
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# accept established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ssh ####
iptables -A INPUT -p tcp --dport 12345 -j ACCEPT
# icmp ####
iptables -A INPUT -p icmp -j ACCEPT
# samba ####
iptables -A INPUT -p tcp -m multiport --destination-port 139,445 -j ACCEPT
# ipv4 #############
# ipv6 ############
ip6tables -F
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
# allow all outgoing packets
ip6tables -P OUTPUT ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p tcp --dport 30022 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
# ipv6 ############
###################
# save rules ######
# iptables-persistent service restores rules at boot time
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
# save rules ######
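The two versions above differ in which TCP ports each address family accepts: the original opens 12345, 139 and 445 for IPv4 but 30022 for IPv6. The following check is an added example, not part of rumgot's post. It compares the accepted INPUT ports in two saved rule sets and reports any port opened for only one family. The function names are hypothetical, and the input is assumed to be `iptables-save` / `ip6tables-save` text such as the `rules.v4` and `rules.v6` files the script writes.

```bash
# Added example: report TCP ports accepted on INPUT for only one address family.

# Print accepted INPUT TCP destination ports from stdin, one per line.
accepted_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        tcp = 0; accept = 0; ports = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p" && $(i+1) == "tcp") tcp = 1
            if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            if ($i ~ /^--(dports?|destination-ports?)$/) ports = $(i+1)
        }
        if (tcp && accept && ports != "") {
            n = split(ports, p, ",")   # multiport lists: 139,445
            for (k = 1; k <= n; k++) print p[k]
        }
    }' | LC_ALL=C sort -u
}

# Compare two saved rule files; print "v4-only PORT" / "v6-only PORT".
# Returns 1 on drift, 0 when both families accept the same ports.
port_drift() {
    pd_a=$(mktemp); pd_b=$(mktemp)
    accepted_tcp_ports < "$1" > "$pd_a"
    accepted_tcp_ports < "$2" > "$pd_b"
    pd_out=$(LC_ALL=C comm -23 "$pd_a" "$pd_b" | sed 's/^/v4-only /'
             LC_ALL=C comm -13 "$pd_a" "$pd_b" | sed 's/^/v6-only /')
    rm -f "$pd_a" "$pd_b"
    [ -z "$pd_out" ] || { printf '%s\n' "$pd_out"; return 1; }
}

# Constructed samples mirroring the ports in the original version of the script.
sample_v4() { cat <<'EOF'
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 12345 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 139,445 -j ACCEPT
EOF
}
sample_v6() { cat <<'EOF'
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 30022 -j ACCEPT
EOF
}

demo() {
    d4=$(mktemp); d6=$(mktemp); sample_v4 > "$d4"; sample_v6 > "$d6"
    port_drift "$d4" "$d6"; rc=$?
    rm -f "$d4" "$d6"; return $rc
}
demo || echo "IPv4 and IPv6 rule sets differ"
```

On a real host the same comparison is `port_drift /etc/iptables/rules.v4 /etc/iptables/rules.v6`, run after the save step.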