[Linux] ipchains -> iptables

---------


From: Ahmet Aksoy (ahmetax@kablonet.com.tr)
Date: Mon 20 Jan 2003 - 21:25:24 EET


Hello,
This feels a bit like taking the easy way out, but below is a rule set written for ipchains. Could we adapt it to iptables?
Thanks in advance.
Ahmet Aksoy

#!/bin/bash
#PATH=/sbin:

# Find out our current IP... filtering based on a ppp connection
# which usually has a netmask of 255.255.255.x
# (parses the "inet addr:A.B.C.D ... Mask:255.255.255.x" line of the old
# ifconfig output; if several interfaces carry such a mask this yields
# more than one address and the rules below will not work as intended)
MYIP=`ifconfig | grep 255.255.255 | cut -f 2 -d : | cut -f 1 -d ' '`

# Flush all firewalling rules
ipchains -F input
ipchains -F forward
ipchains -F output

# Set default policies
ipchains -P input REJECT
ipchains -P forward DENY
ipchains -P output ACCEPT

# Localhost is assumed OK
ipchains -A input -j ACCEPT -i lo
ipchains -A output -j ACCEPT -i lo
ipchains -A forward -j ACCEPT -i lo

# Exclusively reject and log X connections (-l logs the matching packet)
ipchains -A input -j REJECT -s 0.0.0.0/0 -d $MYIP 6000:6010 -p tcp -l
ipchains -A input -j REJECT -s 0.0.0.0/0 -d $MYIP 6000:6010 -p udp -l

# Log IP spoofing: RFC 1918 private source addresses should never arrive
# from the outside (note: the 172.16 block is a /12, not a /16; these
# rules cover TCP and UDP only, so ICMP from such sources still reaches
# the "permit all ICMP" rule below)
ipchains -A input -j REJECT -s 192.168.0.0/16 -d $MYIP -p tcp -l
ipchains -A input -j REJECT -s 192.168.0.0/16 -d $MYIP -p udp -l

ipchains -A input -j REJECT -s 172.16.0.0/12 -d $MYIP -p tcp -l
ipchains -A input -j REJECT -s 172.16.0.0/12 -d $MYIP -p udp -l

ipchains -A input -j REJECT -s 10.0.0.0/8 -d $MYIP -p tcp -l
ipchains -A input -j REJECT -s 10.0.0.0/8 -d $MYIP -p udp -l

# Permit all ICMP to me
ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d $MYIP -p icmp

# Allow incoming data (for DNS queries, SMTP, FTP sessions, web etc.)
# Forbid incoming connections to all ports but 4090-4100 (preserved for ICQ)
# "! -y" matches TCP packets that are not SYN-only, i.e. not new connections;
# UDP has no such flag, so any UDP to an unprivileged port is accepted
ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d $MYIP 1024:4089 -p tcp ! -y
ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d $MYIP 1024:4089 -p udp

ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d $MYIP 4090:4100 -p tcp
ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d $MYIP 4090:4100 -p udp

ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d $MYIP 4101:65535 -p tcp ! -y
ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d $MYIP 4101:65535 -p udp

# Done deal.

-----------------------------------------------------------------------
For all matters concerning your list membership you can use
the web interface at http://liste.linux.org.tr.

To leave the list: send an e-mail to 'linux-request@linux.org.tr'
with "unsubscribe" in the "Subject" line.
-----------------------------------------------------------------------
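Added example (not part of the original message, and not the poster's script): the ipchains rule set above expressed as an iptables script. It assumes a single public interface whose name is taken from PUBIF (ppp0 is an assumed default) and reproduces the original intent rule by rule. Three things change in translation: iptables chain policies can only be ACCEPT or DROP, so the REJECT/DENY policies become DROP; ipchains' "-l" (log and act in one rule) has no counterpart, because the LOG target does not terminate rule processing, so each logged rule becomes a LOG rule followed by the REJECT or DROP rule with the same match; and the stateless "! -y" high-port rules are replaced by connection tracking, which also stops accepting unsolicited UDP to high ports. DRY_RUN=1 prints the commands instead of loading them.

```shell
#!/bin/bash
# Added example: iptables translation of the posted ipchains rules.
# Assumptions: one public interface (PUBIF, default ppp0), iptables in PATH.
# DRY_RUN=1 prints the iptables commands instead of executing them.

IPT="${IPT:-iptables}"
PUBIF="${PUBIF:-ppp0}"
DRY_RUN="${DRY_RUN:-0}"

# Run (or, in dry-run mode, print) one iptables command.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

# ipchains "-l" logged and rejected in one rule. The iptables LOG target
# does not stop rule processing, so log first, then apply the real target.
log_and() {          # usage: log_and <target> <log-prefix> <match...>
    local target="$1" prefix="$2"
    shift 2
    ipt -A INPUT "$@" -j LOG --log-prefix "$prefix"
    ipt -A INPUT "$@" -j "$target"
}

fw_rules() {
    # Flush the filter table and set the policies.
    # iptables policies are ACCEPT or DROP only, so REJECT/DENY become DROP.
    ipt -F INPUT
    ipt -F FORWARD
    ipt -F OUTPUT
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback: iptables uses -i on INPUT and -o on OUTPUT. Loopback
    # traffic never traverses FORWARD, so that rule has no equivalent.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Reject and log X connections (ipchains "6000:6010" becomes --dport).
    for proto in tcp udp; do
        log_and REJECT "FW-X11: " -i "$PUBIF" -p "$proto" --dport 6000:6010
    done

    # Spoofed RFC 1918 sources arriving on the public interface. Matching
    # on the interface instead of "-d $MYIP" needs no address lookup and
    # covers every protocol, not only TCP and UDP. 172.16.0.0 is a /12.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        log_and DROP "FW-SPOOF: " -i "$PUBIF" -s "$net"
    done

    # Permit all ICMP to me.
    ipt -A INPUT -p icmp -j ACCEPT

    # Replies to connections we opened ourselves (DNS, SMTP, FTP, web...).
    # This replaces the stateless "1024:65535 -p tcp ! -y" and "-p udp"
    # rules: a UDP packet to a high port is no longer accepted merely
    # because of its port number, only if conntrack saw our request.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Inbound connections only to 4090-4100 (preserved for ICQ).
    ipt -A INPUT -i "$PUBIF" -p tcp --dport 4090:4100 -m state --state NEW -j ACCEPT
    ipt -A INPUT -i "$PUBIF" -p udp --dport 4090:4100 -j ACCEPT
    # Everything else falls through to the INPUT policy (DROP).
}

# With no arguments only print the rules; "--apply" loads them (run as root).
case "${1:-}" in
    --apply) fw_rules ;;
    *)       DRY_RUN=1 fw_rules ;;
esac
```

Run it without arguments first and read the printed rules; then `--apply`, and check the result with `iptables -L INPUT -n -v --line-numbers`. The LOG prefixes (FW-X11:, FW-SPOOF:) show up in the kernel log (`dmesg` or the syslog kern facility). Because the INPUT policy becomes DROP, a mistake in the rules locks out any session that is not on the console or on the loopback interface, so do the first load from the console.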



---------

This archive was generated by hypermail 2b29.