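#!/bin/sh
# rules.sh - iptables firewall for a two-NIC gateway.
#
# Trust model: loopback and the internal NIC are fully trusted; the external
# NIC only admits a fixed list of TCP services plus replies to connections
# that this host or the LAN initiated; LAN traffic is masqueraded out of the
# external NIC. Default policy on INPUT/OUTPUT/FORWARD is DROP.
#
# Must run as root. Needs the conntrack match (nf_conntrack). The FORWARD
# rules only take effect with net.ipv4.ip_forward=1, which this script does
# not set — TODO confirm it is enabled elsewhere (sysctl).
#
# 10.0.1.130 is my home router (testing before I physically move the servers)
set -eu

EXTERNAL_NIC="enp3s0"
INTERNAL_NIC="enp5s0"
# TCP ports reachable from the external NIC, space separated.
EXTERNAL_TCP_PORTS="22 80 443 53"

[ "$(id -u)" -eq 0 ] || { printf 'rules.sh: must run as root\n' >&2; exit 1; }

# flush everything — the nat table is separate from filter, so flush it as
# well, otherwise every run appends one more MASQUERADE rule
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# set default policies (deny by default on all three chains)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# accept replies to connections this host or the LAN initiated. Without the
# OUTPUT rule the DROP policy discards the responses of every accepted
# inbound service; without the FORWARD rule return traffic for masqueraded
# LAN connections never reaches the internal NIC.
iptables -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# allow loopback free reign
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# allow internal nic free reign
# (INPUT cannot take -o and OUTPUT cannot take -i, so the two chains are
# covered by one interface match each)
iptables -A INPUT  -i "$INTERNAL_NIC" -j ACCEPT
iptables -A OUTPUT -o "$INTERNAL_NIC" -j ACCEPT

# allow this host to originate connections out of the external nic
# (the host's own outbound traffic; tighten to specific ports if the
# gateway itself should not reach the internet freely)
iptables -A OUTPUT -o "$EXTERNAL_NIC" -j ACCEPT

# allow internal nic to get to external nic. Only new connections from the
# LAN side are accepted here; the reverse direction is already limited to
# ESTABLISHED,RELATED above, so nothing on the external segment can open a
# connection into the LAN.
iptables -A FORWARD -i "$INTERNAL_NIC" -o "$EXTERNAL_NIC" -j ACCEPT

# allow traffic on specific ports of external nic (TCP only — add a
# matching udp rule for 53 if the DNS server should answer UDP queries).
# $EXTERNAL_TCP_PORTS is intentionally unquoted so the list is word-split.
for port in $EXTERNAL_TCP_PORTS; do
  iptables -A INPUT -i "$EXTERNAL_NIC" -p tcp --dport "$port" -j ACCEPT
done

# enable masquerading for LAN traffic leaving the external nic
iptables -t nat -A POSTROUTING -o "$EXTERNAL_NIC" -j MASQUERADE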