
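#!/bin/sh
# Gateway firewall for a small LAN behind a single server.
#
# What it does, in order:
#   1. flushes the previous rule set (filter AND nat tables),
#   2. masquerades the LAN behind the server's public address (SNAT),
#   3. keeps POP3/IMAP reachable from the LAN only,
#   4. allows ssh from the LAN and two fixed external addresses, rejects the rest,
#   5. rejects forwarded traffic to a list of well-known P2P ports,
#   6. rate-limits bare RST packets crossing the gateway,
#   7. enables IPv4 forwarding only after the rules above are in place.
#
# Usage: run as root (e.g. from an init script) after the interfaces are up.
# The x.x.x.x / y.y.y.y / z.z.z.z values below are placeholders carried over
# from the original script and must be replaced before use.
#
# POSIX sh: no arrays, no `local`, no `[[`. Helper variables inside the
# function are prefixed with "_" so they cannot shadow the settings below.
set -eu

IPT=/usr/sbin/iptables
LAN_NET=192.168.0.0/24
WAN_IP=x.x.x.x          # public address of the server (SNAT --to-source)
SSH_EXT_1=y.y.y.y       # first external address allowed to reach ssh
SSH_EXT_2=z.z.z.z       # second external address allowed to reach ssh
IMESH_NET=216.35.208.0/24

# Reject forwarded TCP and UDP traffic to every destination port given as an
# argument. Rules are appended (-A); the original used -I, which only reversed
# the order of a list of terminal REJECTs and had no effect on the outcome.
reject_forward_ports() {
  for _port in "$@"; do
    "$IPT" -A FORWARD -p tcp --dport "$_port" -j REJECT
    "$IPT" -A FORWARD -p udp --dport "$_port" -j REJECT
  done
}

# Drop the previous rules. The nat table is flushed as well: a plain -F only
# touches the filter table, so re-running the script used to add a second,
# duplicate SNAT rule to POSTROUTING on every run.
"$IPT" -F
"$IPT" -t nat -F

# Let the server talk to itself.
"$IPT" -A INPUT -i lo -j ACCEPT

# Route the LAN through the server (source NAT to the public address).
"$IPT" -t nat -A POSTROUTING -s "$LAN_NET" -j SNAT --to-source "$WAN_IP"

# Mail (POP3 110, IMAP 143): LAN only. Negation is written in the
# extrapositioned form (`! -s`), which is what current iptables expects;
# `-s !` is the deprecated spelling.
"$IPT" -A INPUT ! -s "$LAN_NET" -p tcp -m multiport --dports 110,143 -j REJECT

# ssh: LAN plus the two external addresses, everything else rejected.
# The original expressed the last step as "reject all but z.z.z.z", which only
# let z.z.z.z in because the INPUT chain policy happened to be ACCEPT; an
# explicit ACCEPT makes the rule independent of the policy.
"$IPT" -A INPUT -s "$LAN_NET"   -p tcp --dport 22 -j ACCEPT
"$IPT" -A INPUT -s "$SSH_EXT_1" -p tcp --dport 22 -j ACCEPT
"$IPT" -A INPUT -s "$SSH_EXT_2" -p tcp --dport 22 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 22 -j REJECT

### P2P ports rejected on forwarded traffic ###
# DC++
reject_forward_ports 411 1411 1412 6969 7778 4111
# Kazaa
reject_forward_ports 4662 1214
# HotLine
reject_forward_ports 5500 5501
# eDonkey
reject_forward_ports 4661 4663
# Gnutella
reject_forward_ports 6346 6347 6348 6355 5555 7777 8311 27910
# Napster
reject_forward_ports 8889
# iMesh (blocked by destination network rather than by port)
"$IPT" -A FORWARD -d "$IMESH_NET" -j REJECT
# WinMX. The original rejected only tcp/6257 and udp/6699; both protocols are
# rejected here so this section behaves like every other one.
reject_forward_ports 6257 6699 412 413
# AudioGalaxy
reject_forward_ports 8875 8888
# eMule (4662 is already covered by the Kazaa list above)
reject_forward_ports 4672 4665 4711

# Against stealth scans: allow at most one bare RST per second across the
# gateway and drop the excess. The original had only the rate-limited ACCEPT;
# with nothing after it the surplus fell through to the chain policy, so the
# limit never actually limited anything.
"$IPT" -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
"$IPT" -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j DROP

# Enable forwarding last, so the kernel never routes LAN traffic while the
# FORWARD chain is still empty (the original enabled it right after the SNAT
# rule, before any of the rejects above existed).
echo 1 > /proc/sys/net/ipv4/ip_forward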
#################
Comentarii : x.x.x.x = ip. de net al serverului
192.168.0.1 = ip. lan al serverului
y.y.y.y = un ip. din ext. care vreau sa intre pe ssh
z.z.z.z = celalalt ip. din ext. care vreau sa se conecteze pe ssh
