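#!/bin/bash
#
# configure firewall
#
# Small NAT router: hosts on the internal LAN may reach a fixed set of TCP/UDP
# services on the Internet; all other forwarded traffic is dropped and replies
# come back via conntrack.  Run as root.
#
# Ordering matters: rules and DROP policies are installed first and
# ip_forward is switched on last, so there is never a window in which the box
# forwards with the kernel's default ACCEPT policy.  With `set -e` a rule that
# fails to load aborts the script before forwarding is enabled (fail closed).

set -eu

# internal interface
LOCAL="eth0"
# external interface
INET="eth1"
# internal ip
LOCAL_IP="192.168.0.0/24"
# your external ip
INET_IP="1.2.3.4"

# allow next services
# DNS, mail, web (for bank-client), ICQ, CS 1.6
# multiport takes a comma-separated list with NO spaces; the list is passed
# quoted below so it reaches iptables as a single --dports argument.
ALLOW_PORTS_TCP="53"
ALLOW_PORTS_TCP+=",25,110,143,465,993,995"
ALLOW_PORTS_TCP+=",80,443"
ALLOW_PORTS_TCP+=",5190"
ALLOW_PORTS_TCP+=",27010,27015"
ALLOW_PORTS_UDP="53"

# clear all rules (and any user-defined chains, which -F alone leaves behind)
iptables -F
iptables -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t nat -F
iptables -t nat -X

# define standard actions
# NOTE: INPUT is DROP and no INPUT rules are added, so the router itself accepts
# nothing (not even loopback or replies to its own connections); add INPUT
# rules for lo/ESTABLISHED/administration before using this remotely.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# allow to forward traffic to permited services
iptables -A FORWARD -i "$LOCAL" -o "$INET" -s "$LOCAL_IP" -p tcp \
  -m multiport --dports "$ALLOW_PORTS_TCP" -j ACCEPT
iptables -A FORWARD -i "$LOCAL" -o "$INET" -s "$LOCAL_IP" -p udp \
  -m multiport --dports "$ALLOW_PORTS_UDP" -j ACCEPT

# allow to forward traffic from permited services back to client
iptables -A FORWARD -i "$INET" -o "$LOCAL" \
  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# do SNAT
iptables -t nat -A POSTROUTING -s "$LOCAL_IP" -o "$INET" \
  -j SNAT --to-source "$INET_IP"

# allow transit traffic — only now that policies and rules are in place
echo 1 > /proc/sys/net/ipv4/ip_forward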