@cdracars
Last active August 29, 2015 14:07
IPTABLES Routing Rules

Standard routing rules

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -m comment --comment "Already approved traffic"
iptables -A INPUT -p tcp -i eth0 -m state --state NEW -s 0.0.0.0/0 -m multiport --dports 22,80,443 -j ACCEPT -m comment --comment "Let in the good stuff"
iptables -A INPUT -j DROP
iptables-save > /etc/iptables.rules

Create /etc/network/if-pre-up.d/iptables

vi /etc/network/if-pre-up.d/iptables

#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0

chmod +x /etc/network/if-pre-up.d/iptables

Create /etc/network/if-post-down.d/iptables

vi /etc/network/if-post-down.d/iptables

#!/bin/sh
iptables-save -c > /etc/iptables.rules
if [ -f /etc/iptables.rules ]; then
  iptables-restore < /etc/iptables.rules
fi
exit 0

chmod +x /etc/network/if-post-down.d/iptables

Restart network after changes

sudo /etc/init.d/networking restart

Rules to set up forwarding to private IPs behind the gateway server

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
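Added example, not part of the gist: a POSIX sh audit of the saved rules file that the if-pre-up.d script restores, checking the properties the rules above are meant to give (INPUT ends in a catch-all DROP, only replies are forwarded from eth0 to eth1, and which TCP ports accept new connections). It assumes the file is in iptables-save format, with or without the "[pkts:bytes]" counters that the post-down script's iptables-save -c writes, and uses a constructed sample in place of /etc/iptables.rules; it does not check that kernel forwarding (net.ipv4.ip_forward) is enabled, which the FORWARD rules also depend on.

```shell
#!/bin/sh
# Added example (not from the gist): sanity-check a saved /etc/iptables.rules
# before it is restored at boot. Text-only checks; iptables is never invoked.
# Constructed sample in "iptables-save -c" format mirroring the gist's rules.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[10:900] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -m comment --comment "Already approved traffic"
[3:180] -A INPUT -i eth0 -p tcp -m state --state NEW -m multiport --dports 22,80,443 -j ACCEPT -m comment --comment "Let in the good stuff"
[7:420] -A INPUT -j DROP
[0:0] -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
'

# Rules of one chain in the filter table, in order, with the "[pkts:bytes]"
# prefix written by iptables-save -c stripped.  $1 = rules file, $2 = chain.
chain_rules() {
  awk -v c="$2" '/^\*filter/ {t = 1} /^COMMIT/ {t = 0}
    t { sub(/^\[[0-9]+:[0-9]+\] /, ""); if ($1 == "-A" && $2 == c) print }' "$1"
}
# 0 if the INPUT chain ends with an unconditional DROP (default deny).
input_ends_in_drop() {
  [ "$(chain_rules "$1" INPUT | tail -n 1)" = "-A INPUT -j DROP" ]
}

# TCP ports that NEW connections may reach, one per line, sorted.
open_tcp_ports() {
  chain_rules "$1" INPUT | awk '/--state NEW/ && /-j ACCEPT/ && /-p tcp/ {
    for (i = 1; i <= NF; i++) if ($i == "--dport" || $i == "--dports") print $(i + 1)
  }' | tr ',' '\n' | sort -n
}
# 0 unless a FORWARD rule accepts eth0 -> eth1 traffic without a state match,
# which would expose the private side to unsolicited connections.
no_unsolicited_inbound_forward() {
  chain_rules "$1" FORWARD |
    awk '/-i eth0 -o eth1/ && /-j ACCEPT/ && !/--state/ {bad = 1} END {exit bad + 0}'
}

# Run every check, print findings, return non-zero if any check fails.
audit_rules() {
  rc=0
  input_ends_in_drop "$1" || { echo "FAIL: INPUT chain does not end in DROP"; rc=1; }
  no_unsolicited_inbound_forward "$1" || { echo "FAIL: unrestricted eth0->eth1 FORWARD"; rc=1; }
  echo "tcp ports open to NEW connections: $(open_tcp_ports "$1" | tr '\n' ' ')"
  return $rc
}

tmp=$(mktemp) && printf '%s' "$SAMPLE_RULES" > "$tmp" && audit_rules "$tmp"
```

Point it at the real file with `audit_rules /etc/iptables.rules` after each iptables-save to catch a missing DROP or a widened FORWARD rule before the next boot restores it.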