Created May 9, 2015 21:31
iptables config for my samba 4 machine
```sh
#!/bin/sh
## Make backup of previous config ##
# Restore a backup with: iptables-restore < /root/iptables-works-<timestamp>
iptables-save > "/root/iptables-works-$(date +%F+%H:%M)"
## Clear IP rules ## (filter table only: flush all chains, then delete user-defined chains)
iptables -F
iptables -X
## Default Policy ##
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
## Allow private class C ##
iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT -m comment --comment "Allow LAN hosts"
## Deny everyone else access to my services ##
# Linux is not fully IANA compliant:
# the dynamic (ephemeral) port range starts at 32768 instead of IANA's 49152
#   cat /proc/sys/net/ipv4/ip_local_port_range
#   32768 61000
# http://unix.stackexchange.com/questions/39699/why-doesnt-linux-use-the-iana-ephemeral-port-range
# Every port below the ephemeral range is dropped for non-LAN sources; replies to
# outbound connections land on ports >= 32768 and still pass under the ACCEPT policy.
iptables -A INPUT -j DROP -s 0/0 -p tcp --dport 0:32767 -m comment --comment "Deny all TCP"
iptables -A INPUT -j DROP -s 0/0 -p udp --dport 0:32767 -m comment --comment "Deny all UDP"
```
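Added example, not part of the gist: it derives the "deny all" ceiling from the kernel's ip_local_port_range instead of hard-coding 32767, checks that the Samba ports the LAN must still reach (assumed here to be 137, 138, 139 and 445) fall inside the denied window, and prints the resulting rules without applying them.

```sh
#!/bin/sh
# Assumption: Samba listens on NetBIOS name/datagram/session and SMB-over-TCP ports.
SAMBA_PORTS="137 138 139 445"

# Ceiling of the public deny range: one below the first ephemeral port.
# Argument: the "low high" text of /proc/sys/net/ipv4/ip_local_port_range.
deny_ceiling() {
    set -- $1
    low=$1
    case "$low" in ''|*[!0-9]*) return 1 ;; esac   # reject garbage input
    echo $((low - 1))
}

# Succeeds only if every Samba port is at or below the ceiling, i.e. the
# deny rules really cover the services that must stay LAN-only.
samba_ports_covered() {
    ceiling=$1
    for p in $SAMBA_PORTS; do
        [ "$p" -le "$ceiling" ] || return 1
    done
    return 0
}

# Emit the two deny rules (TCP and UDP) for a given ceiling; nothing is applied.
deny_rules() {
    ceiling=$1
    for proto in tcp udp; do
        echo "iptables -A INPUT -p $proto --dport 0:$ceiling -j DROP" \
             "-m comment --comment \"Deny all $proto\""
    done
}

main() {
    # Constructed fallback value for hosts without /proc (e.g. when run off-box).
    range=$(cat /proc/sys/net/ipv4/ip_local_port_range 2>/dev/null || echo "32768 60999")
    ceiling=$(deny_ceiling "$range") || { echo "unparseable port range: $range" >&2; exit 1; }
    samba_ports_covered "$ceiling" || { echo "a Samba port lies above $ceiling" >&2; exit 1; }
    deny_rules "$ceiling"
}

# Set RUN_EXAMPLE=1 to run the check against the local kernel setting.
if [ -n "${RUN_EXAMPLE:-}" ]; then main; fi
```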