Example FW configuration script
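#!/bin/bash
# Example firewall configuration for a small LAN behind eth0.
#
# Part 1 programs the nat table (port forwards, a transparent proxy for one
# host, masquerading of the LAN); part 2 programs the filter table (loopback,
# a dedicated SSH chain, and a catch-all drop of new inbound TCP on eth0).
#
# Assumptions this script does NOT enforce: it runs as root, eth0 is the
# external interface, and net.ipv4.ip_forward is already enabled (the DNAT
# and MASQUERADE rules do nothing useful without it). No default chain
# policies are set here, so the existing INPUT/FORWARD/OUTPUT policies remain
# in force.

# Abort on references to unset variables; a typo in a variable name must not
# silently turn into an empty argument to iptables.
set -u

# Define where iptables is.
IPT=/sbin/iptables
readonly IPT

############# Begin the NAT table operations ######
# Flush all the rules in the nat table.
"$IPT" -t nat -F

# Load the connection-tracking helper modules needed for NAT of FTP and IRC.
# NOTE(review): newer kernels ship these as nf_nat_ftp / nf_nat_irc — confirm
# the module names on the target host, as a failed modprobe is not fatal here.
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc

# DNAT the gaming device ports 6500 and 6700 UDP for hosting games.
# (Long options must be written with a double hyphen: --dport, --to-destination.)
"$IPT" -t nat -A PREROUTING -p udp --dport 6500 -j DNAT --to-destination 192.168.1.200
"$IPT" -t nat -A PREROUTING -p udp --dport 6700 -j DNAT --to-destination 192.168.1.200

# Deny printer access to the internet.
# NOTE(review): the nat table is consulted only for the first packet of a
# connection, so filtering here is fragile; the FORWARD chain of the filter
# table is the robust place for this kind of DROP. Kept as the author wrote it.
"$IPT" -t nat -A POSTROUTING -o eth0 -s 192.168.1.100 -j DROP

# Transparent proxy for the children's computer (HTTP redirected to a local
# proxy listening on 3128).
"$IPT" -t nat -A PREROUTING -s 192.168.1.55 -p tcp --dport 80 -j REDIRECT --to-ports 3128

# Masquerade HTTPS for the children's computer.
"$IPT" -t nat -A POSTROUTING -o eth0 -s 192.168.1.55 -p tcp --dport 443 -j MASQUERADE

# Masquerade the children's computer for DNS requests.
"$IPT" -t nat -A POSTROUTING -o eth0 -s 192.168.1.55 -p udp --dport 53 -j MASQUERADE

# Masquerade the children's computer to access Yahoo Messenger servers.
# These hostnames are resolved once, when the rule is loaded: the rule pins
# whatever addresses DNS returned at that moment, and loading fails outright
# if resolution fails.
"$IPT" -t nat -A POSTROUTING -o eth0 -s 192.168.1.55 -d scs.msg.yahoo.com -j MASQUERADE
"$IPT" -t nat -A POSTROUTING -o eth0 -s 192.168.1.55 -d scsa.msg.yahoo.com -j MASQUERADE
"$IPT" -t nat -A POSTROUTING -o eth0 -s 192.168.1.55 -d scsb.msg.yahoo.com -j MASQUERADE
"$IPT" -t nat -A POSTROUTING -o eth0 -s 192.168.1.55 -d scsc.msg.yahoo.com -j MASQUERADE

# Drop everything else for the children's computer (same nat-table caveat as
# the printer rule above).
"$IPT" -t nat -A POSTROUTING -o eth0 -s 192.168.1.55 -j DROP

# Masquerade all of our network.
"$IPT" -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE

# DNAT port 9112 TCP for VNC into the desktop computer.
# NOTE(review): this forward has no source restriction, unlike the SSH chain
# below; consider limiting it with -s to the networks that need it.
"$IPT" -t nat -A PREROUTING -p tcp --dport 9112 -j DNAT --to-destination 192.168.1.11
############# End the NAT table operations ######

# Flush all the rules in INPUT, FORWARD, OUTPUT and any user chains of the
# filter table (a flush with no chain name covers every chain).
"$IPT" -F

# Allow everything on the loopback interface.
"$IPT" -A INPUT -i lo -j ACCEPT

# Delete the SSH chain if it exists and create it again. The flush above has
# already emptied it and removed any references, so the only expected failure
# of -X is "chain does not exist" on a first run; that one is intentionally
# ignored.
"$IPT" -X SSH 2>/dev/null || true
"$IPT" -N SSH

# Pass all TCP packets to port 1234 to the SSH chain.
"$IPT" -A INPUT -p tcp --dport 1234 -j SSH

# Append the allow and drop rules for the SSH chain: one external address and
# part of the LAN may connect, everyone else is dropped.
"$IPT" -A SSH -s 1.2.3.4 -j ACCEPT
"$IPT" -A SSH -s 192.168.1.0/27 -j ACCEPT
"$IPT" -A SSH -s 0/0 -j DROP

# DROP all remaining new incoming TCP connections (SYN packets) on eth0.
# This only covers TCP; UDP and ICMP reaching the host itself fall through to
# the INPUT chain's existing policy, which this script does not set.
"$IPT" -A INPUT -i eth0 -p tcp --syn -j DROP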