| |
1 #! /bin/sh
2
3 trusthost='192.168.10.100'
4 myhost='192.168.20.200'
5 any='0.0.0.0/0'
6
7 ##############
8 #Flush & Reset
9 ##############
10 iptables -F
11 iptables -X
12 ##############
13 #Deafult Rule
14 ##############
15 iptables -P INPUT DROP
16 iptables -P OUTPUT DROP
17 iptables -P FORWARD DROP
18 #########
19 #loopback
20 #########
21 iptables -A INPUT -i lo -j ACCEPT
22 iptables -A OUTPUT -o lo -j ACCEPT
23 #######################
24 #ICMP trusthost->myhost
25 #######################
26 iptables -A INPUT -p icmp --icmp-type echo-request -s $trusthost -d $myhost -j ACCEPT
27 iptables -A OUTPUT -p icmp --icmp-type echo-reply -s $myhost -d $trusthost -j ACCEPT
28 #######################
29 #ICMP myhost->trusthost
30 #######################\
31 iptables -A OUTPUT -p icmp --icmp-type echo-request -s $myhost -d $trusthost -j ACCEPT
32 iptables -A INPUT -p icmp --icmp-type echo-reply -s $trusthost -d $myhost -j ACCEPT
33 #######################
34 #ssh trusthost-> myhost
35 #######################
36 iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
37 iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -s $trusthost -d $myhost --dport 22 -j ACCEPT
38 iptables -A OUTPUT -p tcp -s $myhost --sport 22 -d $trusthost -j ACCEPT
39 #########
40 #logging
41 #########
42 iptables -N LOGGING
43 iptables -A LOGGING -j LOG --log-level warning --log-prefix "DROP:" -m limit
44 iptables -A LOGGING -j DROP
45 iptables -A INPUT -j LOGGING
46 iptables -A OUTPUT -j LOGGING |
|