antarctis euchzur-b5-v0

November 18th, 2009

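#!/bin/bash
#
# antarctis firewall script.
#
# Flushes the current iptables configuration and installs a stateful
# INPUT/OUTPUT rule set for one LAN interface. Anything not explicitly
# accepted falls through to the "antarctis" chain, which logs TCP/UDP
# packets and drops everything. The script also enables IPv4 forwarding
# and NAT (MASQUERADE) so PPTP tunnel clients can reach the network.
#
# Must be run as root. No arguments.

clear
echo ""
echo "[FIREWALL - Bringing up]"

echo "##### DEFINITIONS"
echo "# setting definitions"
IPTABLES="/sbin/iptables"
LAN_INTERFACE="eth0"
LAN_IP=""                 # not referenced below; kept for compatibility
DNS_SERVER01="62.2.86.86"
DNS_SERVER02="62.2.182.86"

# iptables needs root; fail before touching the rule set rather than halfway
# through it (a partial flush would leave the host with no filtering at all).
if (( EUID != 0 )); then
  echo "This script must be run as root" >&2
  exit 1
fi

echo "##### PREPARATIONS"
# Set DROP policies on INPUT/OUTPUT before flushing. The final jump to the
# antarctis chain already drops unmatched traffic, so this does not change
# the steady-state behaviour; it only closes the window between the flush
# below and the rules being appended, during which the host would otherwise
# accept everything.
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
# NOTE(review): FORWARD is deliberately left at its current policy because
# the FORWARD jump to antarctis at the bottom is commented out and tunnel
# clients rely on forwarding. Once ip_forward is enabled below, forwarded
# traffic is therefore not filtered by this script - confirm that is intended.
echo "# clear existing configuration"
$IPTABLES -F
$IPTABLES -X
# A plain -F/-X only touches the filter table. Without flushing nat as well,
# the MASQUERADE rule further down is appended again on every run.
$IPTABLES -t nat -F
$IPTABLES -t nat -X

echo "##### DEFINING CHAINS"
# Catch-all chain: log TCP and UDP at debug level, then drop.
# NOTE(review): the LOG targets are unrate-limited; consider adding
# `-m limit` in front of them if log volume becomes a problem.
$IPTABLES -N antarctis
$IPTABLES -A antarctis -p TCP -j LOG --log-level debug --log-prefix "ANTARCTIS: TCP "
$IPTABLES -A antarctis -p UDP -j LOG --log-level debug --log-prefix "ANTARCTIS: UDP "
$IPTABLES -A antarctis -j DROP

echo "##### INBOUNDING RULES"
echo "# allow ICMP"
#$IPTABLES -A OUTPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A INPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
echo "# allow SSH"
$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
#echo "# allow SMTP"
#$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --sport 25 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "# allow HTTP"
$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
#echo "# allow POP3"
#$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --dport 110 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --sport 110 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "# allow HTTPS"
$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --sport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT
#echo "# allow IMAPS"
#$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --dport 993 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --sport 993 -m state --state ESTABLISHED,RELATED -j ACCEPT
#echo "# allow POP3S"
#$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --dport 995 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --sport 995 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "# allow PPTP"
$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --sport 1723 -m state --state ESTABLISHED,RELATED -j ACCEPT

echo "##### OUTBOUNDING RULES"
echo "# allow ICMP"
$IPTABLES -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "# allow DNS"
# Replies are accepted only from the two configured resolvers.
$IPTABLES -A OUTPUT -p udp --sport 1024: --dport 53 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 1024: --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp -s "$DNS_SERVER01" --sport 53 -j ACCEPT
$IPTABLES -A INPUT -p tcp -s "$DNS_SERVER01" --sport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp -s "$DNS_SERVER02" --sport 53 -j ACCEPT
$IPTABLES -A INPUT -p tcp -s "$DNS_SERVER02" --sport 53 -j ACCEPT
echo "# allow SSH"
$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
#echo "# allow SMTP"
#$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --sport 25 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "# allow HTTP"
$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "# allow HTTPS"
$IPTABLES -A OUTPUT -p tcp -o "$LAN_INTERFACE" --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -i "$LAN_INTERFACE" --sport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT

echo "# PREPARING TUNNELING"
# Protocol 47 is GRE, the data channel of PPTP.
$IPTABLES -A INPUT -p 47 -j ACCEPT
$IPTABLES -A OUTPUT -p 47 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -t nat -A POSTROUTING -o "$LAN_INTERFACE" -j MASQUERADE

echo "# allow LOOPBACKIF"
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

echo "# drop ALL"
$IPTABLES -A INPUT -j antarctis
$IPTABLES -A OUTPUT -j antarctis
#$IPTABLES -A FORWARD -j antarctis

echo "[FIREWALL - Finish]"
echo "##### THANKS FOR USING OPENWALLET IPTABLES-GENERATOR v. 1.0"
echo ""
exit 0
##### EOF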
