@mklooss
Last active March 4, 2016 12:47
iptables whitelisting with file source
Chain setup, run once (the script below only flushes and refills the chain, it does not create it):
iptables -N ftpwhitelist
iptables -A INPUT -j ftpwhitelist

Whitelist file (/root/firewall/ip-whitelist): one address per line, "#" starts a comment:
127.0.0.1 # comment here
127.0.0.3 # from the outernet
#!/bin/bash
# Rebuild the ftpwhitelist chain from the whitelist file. The chain must
# already exist and be referenced from INPUT (see the two commands above).
WEBIP="/root/firewall/ip-whitelist"
IPT="/sbin/iptables"
$IPT -F ftpwhitelist
I=0
# Read the file line by line: strip "# ..." comments and take the first field,
# so "127.0.0.3 # from the outernet" yields only the address, and blank or
# comment-only lines yield nothing. (Splitting the whole file on whitespace,
# as the original did, would also hand the comment words to iptables, which
# resolves anything that is not an address via DNS.)
while read -r LINE; do
    IPW=$(echo "$LINE" | sed 's/#.*//' | awk '{print $1}')
    if [[ -n "$IPW" ]]; then
        I=$((I+1))
        # FTP control connection
        $IPT -A ftpwhitelist -p tcp -s "$IPW" --destination-port 21 -j ACCEPT
        # FTP Client (Data Port for non-PASV transfers). Note: this accepts any
        # inbound TCP packet from $IPW whose source port is 20, whatever the
        # destination port; the server's own active-mode data connections are
        # outbound and are better covered by an ESTABLISHED,RELATED rule in INPUT.
        $IPT -A ftpwhitelist -p tcp -s "$IPW" --source-port 20 -j ACCEPT
        # FTP Client (Passive FTP): the server's passive port range
        $IPT -A ftpwhitelist -p tcp -s "$IPW" --destination-port 63900:64000 -j ACCEPT
        echo "$IPW whitelisted"
    fi
done < "$WEBIP"
echo "$I addresses whitelisted"
# The chain only adds ACCEPT rules. Unless INPUT later drops or rejects
# these ports (or has a DROP policy), hosts not in the file are not blocked.
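A hardened version of the same loader, added here as an example and not taken from the gist: it strips comments and blank lines, validates each entry as an IPv4 address or CIDR prefix before it gets anywhere near iptables (a hostname or a stray comment word would otherwise be resolved via DNS at rule-load time), and emits the chain as an iptables-restore fragment so the chain is replaced in one commit instead of being flushed and refilled rule by rule. The chain name and the passive range 63900:64000 are the gist's; the REJECT rules at the end of the chain, the iptables-restore format and the sample whitelist file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the gist's own code): parse the whitelist file into
# validated IPv4 addresses or CIDR prefixes and emit the ftpwhitelist chain
# as an iptables-restore fragment. Assumptions not from the gist: the file
# format "<ip>[/prefix] [# comment]", a REJECT at the end of the chain, and
# the constructed sample file below.

# First field of every line after "#..." comments are removed; blank and
# comment-only lines produce nothing, so "127.0.0.3 # from the outernet"
# yields exactly "127.0.0.3".
whitelist_entries() {
    sed -e 's/#.*$//' "$1" | awk 'NF { print $1 }'
}

# Accept only dotted-quad IPv4 with an optional /0-32 prefix. Anything else
# (a hostname, a stray word) is rejected rather than passed to iptables,
# which resolves names via DNS when the rule is loaded.
is_ipv4_cidr() {
    local ip prefix oldifs octet
    ip=$1 prefix=''
    case "$ip" in
        */*) prefix=${ip#*/}; ip=${ip%%/*} ;;
    esac
    case "$ip" in
        ''|*[!0-9.]*) return 1 ;;        # only digits and dots allowed
    esac
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1             # exactly four octets
    for octet in "$@"; do
        case "$octet" in
            ''|????*) return 1 ;;        # empty field or more than three digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    if [ -n "$prefix" ]; then
        case "$prefix" in
            ''|*[!0-9]*|???*) return 1 ;;
        esac
        [ "$prefix" -le 32 ] || return 1
    fi
    return 0
}

# Emit the chain as an iptables-restore fragment on stdout. Invalid entries
# are reported on stderr and skipped rather than aborting the whole load.
render_ftpwhitelist() {
    echo '*filter'
    echo ':ftpwhitelist - [0:0]'
    whitelist_entries "$1" | while read -r entry; do
        if ! is_ipv4_cidr "$entry"; then
            echo "skipping invalid whitelist entry: $entry" >&2
            continue
        fi
        # control connection, then the server's passive data port range
        echo "-A ftpwhitelist -p tcp -s $entry --dport 21 -j ACCEPT"
        echo "-A ftpwhitelist -p tcp -s $entry --dport 63900:64000 -j ACCEPT"
    done
    # Refuse everyone else on those ports: with only ACCEPT rules the chain
    # would not restrict anything. In active mode the server opens the data
    # connection itself from port 20, so its inbound packets are
    # ESTABLISHED,RELATED traffic for a conntrack rule in INPUT; no rule
    # accepting any inbound packet with source port 20 is needed here.
    echo '-A ftpwhitelist -p tcp --dport 21 -j REJECT --reject-with tcp-reset'
    echo '-A ftpwhitelist -p tcp --dport 63900:64000 -j REJECT --reject-with tcp-reset'
    echo 'COMMIT'
}

# Constructed sample input (not from the gist); prints the temp file path.
sample_whitelist() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed example whitelist
192.0.2.10 # office
198.51.100.0/24   # partner network

ftp.example.net # hostname: rejected, iptables would resolve it via DNS
203.0.113.300 # invalid octet: rejected
EOF
    printf '%s\n' "$f"
}

# Stand-alone run on the sample; for the real file use
#   render_ftpwhitelist /root/firewall/ip-whitelist | iptables-restore --noflush
SAMPLE=$(sample_whitelist)
render_ftpwhitelist "$SAMPLE"
rm -f "$SAMPLE"
```

With `--noflush`, iptables-restore leaves the rest of the filter table alone and rebuilds only the chains declared in the fragment, so the `ftpwhitelist` chain is swapped in one commit while the `INPUT -j ftpwhitelist` jump from the setup above keeps working. The two REJECT rules at the end are what turns the chain into a whitelist; the gist's chain only ever ACCEPTs, so it relies on something later in INPUT to block the rest.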