➥ iptables firewall script

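#!/bin/bash
#
# iptables firewall script
#
# Resets the IPv4 filter and nat tables, applies a default-deny INPUT/FORWARD
# policy, opens the service ports listed below, logs and drops everything
# else, inserts a DROP for every address in ${BLACKLIST}, and persists the
# ruleset to ${RULES_FILE} so an if-pre-up.d hook can restore it on boot.
#
# Run as root. Re-running over SSH is safe in the sense that the
# ESTABLISHED,RELATED rule is added before the service rules, so the current
# session survives the reload -- but the SSH port below (5622) must match
# sshd_config or you lock yourself out.
#
# NOTE: IPv4 only. ip6tables is never touched, so on a host with a routable
# IPv6 address the IPv6 side keeps the kernel default ACCEPT policy; mirror
# these rules with ip6tables (or disable IPv6) on dual-stack hosts.
#

# Abort on the first failed command (a half-applied ruleset under a DROP
# policy fails closed), on unset variables, and on failures inside pipes.
set -euo pipefail

IPTABLES=/sbin/iptables
BLACKLIST=/etc/blacklist.ips
# One path for the saved ruleset: the script saves here and the boot hook
# restores from here. (Previously the hook looked for /etc/iptables.rules
# while the script wrote /etc/fwall.rules, so nothing was restored at boot.)
RULES_FILE=/etc/fwall.rules
PREUP_HOOK=/etc/network/if-pre-up.d/iptables

if [[ "$(id -u)" -ne 0 ]]; then
    echo "this script must be run as root" >&2
    exit 1
fi

echo " * flushing old rules"
${IPTABLES} --flush
${IPTABLES} --delete-chain
${IPTABLES} --table nat --flush
${IPTABLES} --table nat --delete-chain

echo " * setting default policies"
${IPTABLES} -P INPUT DROP
${IPTABLES} -P FORWARD DROP
${IPTABLES} -P OUTPUT ACCEPT

echo " * allowing loopback devices"
${IPTABLES} -A INPUT -i lo -j ACCEPT
${IPTABLES} -A OUTPUT -o lo -j ACCEPT

# A TCP packet that would open a new connection without SYN is bogus
# (stealth scans, stray segments); drop it ahead of the state accept.
${IPTABLES} -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
${IPTABLES} -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

## BLOCK ABUSING IPs HERE ##
# Static one-off entries can go here. The file-driven blacklist handled
# further down is inserted *above* the ESTABLISHED rule instead, so that a
# blocked host also loses connections it already has open.
#echo " * BLACKLIST"
#${IPTABLES} -A INPUT -s _ABUSIVE_IP_ -j DROP
#${IPTABLES} -A INPUT -s _ABUSIVE_IP2_ -j DROP

echo " * allowing ssh on port 5622"
${IPTABLES} -A INPUT -p tcp --dport 5622  -m state --state NEW -j ACCEPT

# Plain FTP: credentials cross the wire in clear text. PASV data
# connections are only accepted through the ESTABLISHED,RELATED rule when
# the nf_conntrack_ftp helper is loaded; without it transfers stall.
echo " * allowing ftp on port 21"
${IPTABLES} -A INPUT -p tcp --dport 21  -m state --state NEW -j ACCEPT

# No state match on DNS: every UDP/TCP 53 packet from anywhere is accepted.
# If the daemon behind 53 is a *recursive* resolver this makes it an open
# resolver usable for amplification; add `-s <client-net>` in that case.
echo " * allowing dns on port 53 udp"
${IPTABLES} -A INPUT -p udp -m udp --dport 53 -j ACCEPT

echo " * allowing dns on port 53 tcp"
${IPTABLES} -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT

echo " * allowing http on port 80"
${IPTABLES} -A INPUT -p tcp --dport 80  -m state --state NEW -j ACCEPT

echo " * allowing https on port 443"
${IPTABLES} -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT

echo " * allowing smtp on port 25"
${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

echo " * allowing submission on port 587"
${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT

echo " * allowing imaps on port 993"
${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT

echo " * allowing pop3s on port 995"
${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT

# IMAP/POP3 on 143/110 carry passwords in clear text unless the mail
# server forces STARTTLS; drop these two rules if 993/995 are enough.
echo " * allowing imap on port 143"
${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT

echo " * allowing pop3 on port 110"
${IPTABLES} -A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT

echo " * allowing ping responses"
${IPTABLES} -A INPUT -p ICMP --icmp-type 8 -j ACCEPT

# DROP everything else and log it. Without `-m limit` anyone can fill the
# system log (and the disk) just by sending traffic; 5 lines/min with a
# burst of 10 is enough to notice a scan without that exposure.
${IPTABLES} -A INPUT -m limit --limit 5/min --limit-burst 10 \
    -j LOG --log-prefix "iptables-drop: "
${IPTABLES} -A INPUT -j DROP

#
# Block abusing IPs from ${BLACKLIST}: one IPv4 address or CIDR per line;
# blank lines and `#` comments are ignored. Lines that do not look like an
# IPv4 address/prefix are skipped with a warning instead of being handed
# to iptables, and a rule iptables itself rejects (e.g. octet > 255) is
# reported rather than aborting the whole ruleset under `set -e`.
#
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'   # shape check only
if [[ -f "${BLACKLIST}" ]] && [[ -s "${BLACKLIST}" ]]; then
    echo " * BLOCKING ABUSIVE IPs"
    while IFS= read -r line || [[ -n "${line}" ]]; do
        entry="${line%%#*}"                 # strip trailing comment
        entry="${entry//[[:space:]]/}"      # and any whitespace
        [[ -z "${entry}" ]] && continue
        if [[ ! "${entry}" =~ ${ipv4_re} ]]; then
            echo "   skipping malformed blacklist entry: ${line}" >&2
            continue
        fi
        # Position 2 = right after the loopback ACCEPT and ahead of the
        # ESTABLISHED,RELATED rule, so existing sessions are cut as well.
        if ! ${IPTABLES} -I INPUT 2 -s "${entry}" -j DROP; then
            echo "   failed to block ${entry}, skipping" >&2
        fi
    done < "${BLACKLIST}"
fi

#
# Save settings
#
echo " * SAVING RULES"

# Boot-time restore hook. Only ifupdown runs if-pre-up.d; on hosts managed
# by netplan/systemd-networkd the directory may exist yet nothing executes
# it, so persist the ruleset another way there. The hook is (re)written when
# missing or when it does not reference ${RULES_FILE}, which repairs a stale
# hook that restores from a different file.
if [[ -d "${PREUP_HOOK%/*}" ]]; then
    if [[ ! -f "${PREUP_HOOK}" ]] || ! grep -qF -- "${RULES_FILE}" "${PREUP_HOOK}"; then
        cat > "${PREUP_HOOK}" <<EOF
#!/bin/bash
# Installed by the iptables firewall script: restore the saved IPv4 ruleset
# before the interface comes up. If the file is missing this exits non-zero,
# which ifupdown is expected to treat as a pre-up failure (interface stays
# down rather than coming up with no firewall) -- verify on the target host.
test -e ${RULES_FILE} && iptables-restore -c ${RULES_FILE}
EOF
        chmod 0755 "${PREUP_HOOK}"
    fi
fi

# Save with counters (-c) so the hook's `iptables-restore -c` reads the same
# format, keep the file root-only (it documents exactly what is open), and
# round-trip it once now so a file that cannot be restored is caught here
# instead of at boot.
umask 077
iptables-save -c > "${RULES_FILE}"
chmod 0600 "${RULES_FILE}"
iptables-restore -c "${RULES_FILE}"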
