Created
August 27, 2011 01:24
-
-
Save nodokodo/1174831 to your computer and use it in GitHub Desktop.
IPTables: Redirect Privileged to Stealthed, Non-Privileged Port
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| FW='/sbin/iptables' | |
| IP='123.123.123.123' # public ip | |
| LO=80 # privileged port | |
| HI=8000 # non-privileged port | |
| PM=0x2a # packet mark - 32bit integer | |
| # allow input on both ports | |
| $FW -A INPUT -d $IP -p tcp --dport $LO -j ACCEPT | |
| $FW -A INPUT -d $IP -p tcp --dport $HI -j ACCEPT | |
| $FW -t mangle -A PREROUTING -d $IP -p tcp --dport $LO -j MARK --set-mark $PM # mark | |
| $FW -t nat -A PREROUTING -d $IP -p tcp --dport $LO -j REDIRECT --to-ports $HI # redirect | |
| $FW -A INPUT -d $IP -p tcp --dport $HI -m mark ! --mark $PM -j REJECT # stealth | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment