@SharkyRawr
Last active December 26, 2016 13:20
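#!/bin/bash -e
# Port forwarding (DNAT) from the public interface to the guests behind virbr0.

IPT=$(command -v iptables)

# Note: iptables masks off the host bits, so this matches 192.168.0.0/16.
SUBNET="192.168.22.0/16"
IF_PUB="eth0"
IF_PRIV="virbr0"

# Every name in VMS needs a variable of the same name holding the guest IP,
# plus optional <NAME>_TCP_PORTS / <NAME>_UDP_PORTS lists (port or first:last).
VMS="FROXLOR GAMESERVER WINDOWS NYANCOIN"

FROXLOR="192.168.22.81"
FROXLOR_TCP_PORTS="80 443 8122 22 21 55500:55599"

GAMESERVER="192.168.22.69"
GAMESERVER_TCP_PORTS="8222"

WINDOWS="192.168.22.95"
WINDOWS_TCP_PORTS="28000:28010 1234"
WINDOWS_UDP_PORTS="7777:7778 27015 28000:28010 1234"

NYANCOIN="192.168.22.67"
NYANCOIN_TCP_PORTS="8322 33701"
NYANCOIN_UDP_PORTS=""

# Start from empty filter and nat tables.
"$IPT" -F
"$IPT" -t nat -F

# Outbound NAT for the guests.
"$IPT" -t nat -A POSTROUTING -s "$SUBNET" -o "$IF_PUB" -j MASQUERADE

# fw PORT PROTO DEST: forward PORT arriving on the public interface to DEST.
function fw {
    local PORT="$1"
    local PROTO="$2"
    local TO="$3"
    "$IPT" -t nat -A PREROUTING -i "$IF_PUB" -p "$PROTO" --dport "$PORT" -j DNAT --to-destination "$TO"
    "$IPT" -t nat -A POSTROUTING -s "$SUBNET" -d "$TO" -p "$PROTO" --dport "$PORT" -j MASQUERADE
}

for vm in $VMS; do
    # ${!PORTS} is indirect expansion: the value of the variable named by PORTS.
    # An unset or empty list yields no loop iterations, so no extra check is needed
    # (a "continue" on an empty TCP list would also skip the VM's UDP ports).
    PORTS="${vm}_TCP_PORTS"
    echo "$vm TCP: ${!PORTS}"
    for p in ${!PORTS}; do
        fw "$p" tcp "${!vm}"
    done

    PORTS="${vm}_UDP_PORTS"
    echo "$vm UDP: ${!PORTS}"
    for p in ${!PORTS}; do
        fw "$p" udp "${!vm}"
    done
done

# RDP masking: public port 13389 is forwarded to 3389 on the Windows guest.
# POSTROUTING sees the packet after DNAT, so it must match the rewritten port 3389.
"$IPT" -t nat -A PREROUTING -i "$IF_PUB" -p tcp --dport 13389 -j DNAT --to-destination "$WINDOWS:3389"
"$IPT" -t nat -A POSTROUTING -s "$SUBNET" -d "$WINDOWS" -p tcp --dport 3389 -j MASQUERADE
"$IPT" -t nat -A PREROUTING -i "$IF_PUB" -p udp --dport 13389 -j DNAT --to-destination "$WINDOWS:3389"
"$IPT" -t nat -A POSTROUTING -s "$SUBNET" -d "$WINDOWS" -p udp --dport 3389 -j MASQUERADE

# Show the resulting nat table with packet counters.
"$IPT" -t nat -L -n -v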