systemd-fw/opt/firewall/example.fw

46 lines
1.0 KiB
Plaintext
Raw Normal View History

2019-08-03 09:21:34 +00:00
#!/bin/bash
# 1/ flush all
printf "flush\n";
iptables -F;
ip6tables -F;
# 2/ default policies
printf "set default policy (drop)\n";
iptables -P FORWARD DROP; #WARN
ip6tables -P FORWARD DROP; #WARN
iptables -P INPUT DROP;
ip6tables -P INPUT DROP;
iptables -P OUTPUT ACCEPT;
ip6tables -P OUTPUT ACCEPT;
# 3/ allow localhost
iptables -A INPUT -i lo -j ACCEPT;
iptables -A FORWARD -i lo -j ACCEPT;
ip6tables -A INPUT -i lo -j ACCEPT;
ip6tables -A FORWARD -i lo -j ACCEPT;
# 4/ allow ping
iptables -A INPUT -p icmp -j ACCEPT;
ip6tables -A INPUT -p icmp -j ACCEPT;
# 5/ allow ssh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT;
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT;
# 5/ allow http
iptables -A INPUT -p tcp --dport 80 -j ACCEPT;
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT;
# 6/ allow https
iptables -A INPUT -p tcp --dport 443 -j ACCEPT;
ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT;
# x/ keep established connections
printf "keep established connections\n";
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;