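#!/bin/sh
# Stateful gateway firewall for a two-NIC box: INTERNAL_NIC is the trusted LAN
# side, EXTERNAL_NIC faces the upstream router / Internet.  Every chain
# defaults to DROP; only loopback, the LAN, return traffic of accepted sessions
# and a short list of services on the external side are allowed.  Re-running
# the script is idempotent because both the filter and nat tables are flushed
# first.  Must run as root.
#
# 10.0.1.130 is my home router (testing before I physically move the servers)
set -eu

EXTERNAL_NIC="enp3s0"
INTERNAL_NIC="enp5s0"
# Set IPTABLES=echo in the environment to print the rules instead of applying
# them (dry run); defaults to the real binary.
IPTABLES="${IPTABLES:-iptables}"

# flush everything -- the nat table too, otherwise every run appends one more
# MASQUERADE rule to POSTROUTING
"$IPTABLES" -F
"$IPTABLES" -X
"$IPTABLES" -t nat -F
"$IPTABLES" -t nat -X

# set default policies
"$IPTABLES" -P INPUT DROP
"$IPTABLES" -P OUTPUT DROP
"$IPTABLES" -P FORWARD DROP

# discard packets conntrack cannot associate with any session before anything
# else gets a chance to accept them
"$IPTABLES" -A INPUT -m conntrack --ctstate INVALID -j DROP
"$IPTABLES" -A FORWARD -m conntrack --ctstate INVALID -j DROP

# allow return traffic of sessions that were already accepted.  Without this
# the OUTPUT DROP policy swallows the box's own replies to the services opened
# on the external nic below, and FORWARD has no way to pass LAN->Internet
# answers back in.  This is also the only path by which packets arriving on
# the external nic reach the LAN: new connections from outside are never
# forwarded.
"$IPTABLES" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# allow loopback free reign
"$IPTABLES" -A INPUT -i lo -j ACCEPT
"$IPTABLES" -A OUTPUT -o lo -j ACCEPT

# allow internal nic free reign
"$IPTABLES" -A INPUT -i "$INTERNAL_NIC" -j ACCEPT
"$IPTABLES" -A OUTPUT -o "$INTERNAL_NIC" -j ACCEPT

# allow internal nic to get to external nic (forwarded LAN->Internet traffic;
# the reverse direction is covered by the ESTABLISHED,RELATED rule above).
# NOTE(review): the host's own *new* outbound connections on EXTERNAL_NIC are
# still dropped by the OUTPUT policy -- the original attempted an OUTPUT rule
# with -i, which iptables rejects, so confirm whether the gateway itself needs
# to reach out (updates, DNS) and add `-A OUTPUT -o "$EXTERNAL_NIC" -j ACCEPT`
# if so.
"$IPTABLES" -A FORWARD -i "$INTERNAL_NIC" -o "$EXTERNAL_NIC" -j ACCEPT

# allow traffic on specific ports of external nic
# NOTE(review): accepting 53 from the external side makes any resolver on this
# box reachable from the Internet unless the daemon itself restricts clients
# -- confirm that is intended.
"$IPTABLES" -A INPUT -i "$EXTERNAL_NIC" -p tcp --dport 22 -j ACCEPT
"$IPTABLES" -A INPUT -i "$EXTERNAL_NIC" -p tcp --dport 80 -j ACCEPT
"$IPTABLES" -A INPUT -i "$EXTERNAL_NIC" -p tcp --dport 443 -j ACCEPT
"$IPTABLES" -A INPUT -i "$EXTERNAL_NIC" -p tcp --dport 53 -j ACCEPT

# enable masquerading for LAN traffic leaving on the external nic
"$IPTABLES" -t nat -A POSTROUTING -o "$EXTERNAL_NIC" -j MASQUERADE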