#!/bin/bash
# This is my firewall script for IPTABLES
# chkconfig: 345 98 10

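# Distro iptables service. It is re-run after every flush because it is what
# (re)creates the acctin/acctout packet-accounting chains this script clears.
readonly IPTABLES_INIT=/etc/rc.d/init.d/iptables

# LAN network that is masqueraded out through this host. Can be overridden from
# the environment (LAN_NET=10.0.0.0/24 firewall start) without editing the file.
LAN_NET=${LAN_NET:-192.168.100.0/24}

#######################################
# Flush the nat and filter tables plus the accounting chains, then re-run the
# distro iptables service so its accounting chains exist again. Shared by
# start and stop so both leave the same base state behind.
# Globals:   IPTABLES_INIT (read)
# Outputs:   whatever iptables and the init script print
#######################################
reset_tables() {
  iptables -t nat --flush
  iptables -t filter --flush
  iptables -F acctin
  iptables -F acctout
  iptables -X acctin
  iptables -X acctout
  ## Following line Needed because Sun does some stuff for packet accounting!
  "$IPTABLES_INIT" start
}

#######################################
# Load the ruleset: default-deny INPUT, allow loopback and established
# traffic, open the listed service ports, and masquerade the LAN.
# Globals:   LAN_NET (read)
# Outputs:   progress line to stdout
#######################################
fw_start() {
  local port
  printf '%s' 'Starting Firewall: '
  # Required for the MASQUERADE rule below; without it the NAT rule is inert.
  echo 1 > /proc/sys/net/ipv4/ip_forward
  reset_tables
  # The DROP policy is set *before* the ACCEPT rules are appended, so a rule
  # that fails to load leaves the host closed rather than open.
  iptables -t filter -P INPUT DROP
  ## If you want to use one of your ethernet ports on a local network, uncomment one of the 2 lines below
  #iptables -t filter -A INPUT -i eth0 -j ACCEPT
  #iptables -t filter -A INPUT -i eth1 -j ACCEPT

  iptables -t filter -A INPUT -i lo -j ACCEPT
  iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

  ## Add as many ports as you need to the lists below, delete what you don't want opened
  #iptables -t filter -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
  # All of these are ACCEPT rules, so their relative order does not matter;
  # tcp/113 was previously listed twice and is now listed once.
  for port in 80 81 444 25 443 53 113 22; do
    iptables -t filter -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
  done
  for port in 113 53; do
    iptables -t filter -A INPUT -p udp --dport "$port" -j ACCEPT
  done

  #-# how to add NAT
  iptables -t nat -A POSTROUTING -s "$LAN_NET" -j MASQUERADE
  # NOTE(review): the FORWARD chain is not touched by this script, so what the
  # masqueraded LAN may reach depends on whatever the distro service leaves in
  # place — confirm that exposure is intended.

  #-# port forwarding! (example; keep on ONE line when uncommenting, a wrapped
  #-# continuation would otherwise run as a stray command)
  #iptables -t nat -A PREROUTING -d x.x.x.x -p udp --dport 113 -j DNAT --to-dest y.y.y.y:113
  echo ' [OK]'
}

#######################################
# Open INPUT back up and clear every rule this script loaded.
# Outputs:   progress line to stdout
#######################################
fw_stop() {
  printf '%s' 'Stopping Firewall: '
  iptables -t filter -P INPUT ACCEPT
  reset_tables
  echo ' [OK]'
}

#######################################
# Print the current filter and nat rulesets (numeric, no DNS lookups).
# Outputs:   rule listings to stdout
#######################################
fw_status() {
  echo "********************"
  echo "* The Filter Table *"
  echo "********************"
  iptables -t filter --list -n
  echo
  echo "********************"
  echo "* The NAT Table *"
  echo "********************"
  iptables -t nat --list -n
}

#######################################
# Print the usage banner.
# Outputs:   usage text to stdout
#######################################
usage() {
  echo
  echo " Brian's Firewall v1.0 for IPTABLES (www.solunet.com)"
  echo "****************************************************"
  echo "Usage $0 (start, stop, restart, status)"
  echo
  echo " Start - Starts FW"
  echo " Stop - Stops FW"
  echo " Restart - Restart FW"
  echo " Status - Shows FW"
  echo
}

#######################################
# Dispatch on the init-script action.
# Arguments: $1 - start | stop | restart | status
#######################################
main() {
  case "$1" in
    start)   fw_start ;;
    stop)    fw_stop ;;
    restart) fw_stop; fw_start ;;
    status)  fw_status ;;
    *)       usage ;;
  esac
}

main "$@"

# Init scripts are expected to exit 0 from chkconfig; individual iptables
# failures are reported on stderr by iptables itself rather than via status.
exit 0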