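#!/bin/sh
#
# Minimal host firewall for the iptables filter table:
#   - default DROP on INPUT and FORWARD; OUTPUT is left at ACCEPT
#     (the "-P OUTPUT DROP" line is commented out below)
#   - ICMP echo in both directions between trusthost and myhost
#   - ssh (22/tcp) accepted from trusthost only
#   - http (80/tcp) accepted from anywhere
#   - everything else reaching the end of INPUT is rate-limit logged, then dropped
#
# Running it replaces the whole filter ruleset, so it is safe to re-run.
# Must be run as root.

# Stop on the first failing iptables call and on unset variables (portable
# subset of strict mode for /bin/sh); a partially applied ruleset is
# harder to reason about than a script that stops.
set -eu

trusthost='192.168.10.100'   # the only peer allowed to ssh in and exchange ping
myhost='192.168.20.200'      # this host's own address
any='0.0.0.0/0'

# Rate limit for the DROP log line; these are iptables' documented
# defaults for "-m limit" (3 matches per hour, burst of 5), made explicit
# so they can be tuned in one place.
log_limit='3/hour'
log_burst='5'

if [ "$(id -u)" -ne 0 ]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

##############
# Flush & Reset
##############
# Only the filter table is touched (no -t given); nat/mangle are left alone.
iptables -F
iptables -X

##############
# Default Rule
##############
iptables -P INPUT DROP
#iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# The DROP policy is already in place at this point, so this rule is what
# keeps an existing ssh session alive while the rest of the script runs;
# keep it the first rule in INPUT.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#########
# loopback
#########
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#######################
# ICMP trusthost->myhost
#######################
iptables -A INPUT -p icmp --icmp-type echo-request -s "$trusthost" -d "$myhost" -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -s "$myhost" -d "$trusthost" -j ACCEPT

#######################
# ICMP myhost->trusthost
#######################
iptables -A OUTPUT -p icmp --icmp-type echo-request -s "$myhost" -d "$trusthost" -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -s "$trusthost" -d "$myhost" -j ACCEPT

# Drop NEW TCP connections that do not start with SYN. One rule placed
# before the TCP accepts covers every TCP service below, so it is added
# once rather than once per service.
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

#######################
# ssh trusthost-> myhost
#######################
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -s "$trusthost" -d "$myhost" --dport 22 -j ACCEPT
# OUTPUT rules only matter once "-P OUTPUT DROP" is enabled; with the
# current ACCEPT policy they are a no-op.
iptables -A OUTPUT -p tcp -s "$myhost" --sport 22 -d "$trusthost" -j ACCEPT

#################
# www ANY-> myhost
#################
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -s "$any" -d "$myhost" --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -s "$myhost" --sport 80 -d "$any" -j ACCEPT

#########
# logging
#########
# Anything still unmatched in INPUT goes to LOGGING: log (rate limited so a
# flood cannot fill the kernel log), then drop. Non-SYN NEW segments were
# dropped above without logging.
iptables -N LOGGING
iptables -A LOGGING -m limit --limit "$log_limit" --limit-burst "$log_burst" \
  -j LOG --log-level warning --log-prefix "DROP:"
iptables -A LOGGING -j DROP
iptables -A INPUT -j LOGGING
#iptables -A OUTPUT -j LOGGING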