
📄 firewall-masq

📁 Linux dial-up program rp-pppoe.3.7
#!/bin/sh
#
# firewall-masq		This script sets up firewall rules for a machine
#                       acting as a masquerading gateway
#
# Copyright (C) 2000 Roaring Penguin Software Inc.  This software may
# be distributed under the terms of the GNU General Public License, version
# 2 or any later version.
# LIC: GPL

# Interface to Internet
EXTIF=ppp+

# NAT-Tables are different, so we can use ACCEPT everywhere (?)
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# Flush the NAT-Table
iptables -t nat -F

# Default policy for packets addressed to this host is DROP.
# No rule below ACCEPTs anything on INPUT (not even loopback or replies
# to the gateway's own connections); the rules that follow only LOG or DROP.
iptables -t filter -P INPUT DROP
iptables -t filter -F

# Allow incoming SSH
#iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 22 -j ACCEPT

# Log & Deny the rest of the privileged ports
iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 0:1023 -j LOG
iptables -t filter -A INPUT -i $EXTIF -p udp --dport 0:1023 -j LOG
iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 0:1023 -j DROP
iptables -t filter -A INPUT -i $EXTIF -p udp --dport 0:1023 -j DROP

# Log & Deny NFS
iptables -t filter -A INPUT -i $EXTIF -p udp --dport 2049 -j LOG
iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 2049 -j LOG
iptables -t filter -A INPUT -i $EXTIF -p udp --dport 2049 -j DROP
iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 2049 -j DROP

# Log & Deny X11
iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 6000:6063 -j LOG
iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 6000:6063 -j DROP

# Log & Deny XFS
iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 7100 -j LOG
iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 7100 -j DROP

# Deny TCP connection attempts
iptables -t filter -A INPUT -i $EXTIF -p tcp --syn -j LOG
iptables -t filter -A INPUT -i $EXTIF -p tcp --syn -j DROP

# Deny ICMP echo-requests
iptables -t filter -A INPUT -i $EXTIF -p icmp --icmp-type echo-request -j DROP

# Do masquerading
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# no IP spoofing
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ] ; then
   for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
      echo 1 > "$i"
   done
fi

# Disable Source Routed Packets
for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do
   echo 0 > "$i"
done
