@changeme
Created April 29, 2016 14:15
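Active Directory - iptables rules
# Based on http://geekswithblogs.net/TSCustomiser/archive/2007/05/09/112357.aspx
#
# Adapt it for outbound traffic
#
# Replace $SERVERIP with the server's address before loading; iptables-restore does not expand shell variables.
#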
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 53 -m comment --comment "Name Resolution Service" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 53 -m comment --comment "Name Resolution Service" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 42 -m comment --comment WINS -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 42 -m comment --comment WINS -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 137 -m comment --comment "Name Resolution Service" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 137 -m comment --comment "Name Resolution Service" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 138 -m comment --comment "Datagram Services (Browsing)" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 139 -m comment --comment "Session Service (net use)" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 445 -m comment --comment SMB -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 445 -m comment --comment SMB -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 1025 -m comment --comment "Remote Storm" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 123 -m comment --comment NTP -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 123 -m comment --comment NTP -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 507 -m comment --comment Content_Repl -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 750 -m comment --comment Kerberos_Secure -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 88 -m comment --comment Kerberos_v5 -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 464 -m comment --comment Kerberos_v5 -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 88 -m comment --comment Kerberos_v5 -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 464 -m comment --comment Kerberos_v5 -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 389 -m comment --comment LDAP -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 389 -m comment --comment LDAP -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 636 -m comment --comment LDAP -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 636 -m comment --comment LDAP -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 445 -m comment --comment "Microsoft-CIFS (DS) " -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 445 -m comment --comment "Microsoft-CIFS (DS) " -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 135 -m comment --comment RPC -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 161 -m comment --comment SNMP -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp --dport 162 -m comment --comment "SNMP TRAP" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 42424 -m comment --comment "ASP.Net State Service" -j ACCEPT
-A INPUT -s $SERVERIP/32 -p udp -m udp --dport 691 -m comment --comment "Link State Algorithm Routing" -j ACCEPT
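# Catch-all ("Resto" = the rest): these two rules accept every UDP and TCP port from $SERVERIP,
# so the per-port rules above do not restrict anything further. Drop them if the server should be limited to the listed ports.
-A INPUT -s $SERVERIP/32 -p udp -m udp -m comment --comment Resto -j ACCEPT
-A INPUT -s $SERVERIP/32 -p tcp -m tcp -m comment --comment Resto -j ACCEPT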
-A INPUT -s $SERVERIP/32 -p icmp -m icmp --icmp-type 8 -m comment --comment echo-request -j ACCEPT
-A INPUT -s $SERVERIP/32 -p icmp -m icmp --icmp-type 0 -m comment --comment echo-reply -j ACCEPT
-A INPUT -s $SERVERIP/32 -p icmp -m icmp --icmp-type 3 -m comment --comment destination-unreachable -j ACCEPT
-A INPUT -s $SERVERIP/32 -p icmp -m icmp --icmp-type 11 -m comment --comment time-exceeded -j ACCEPT
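
An added example, not part of the original gist: a small Python audit for rules in this iptables-save style. It reports rules that match identically apart from their `--comment` label, and ACCEPT rules for TCP or UDP with no `--dport`, like the "Resto" rules, which make the per-port rules for the same source redundant. The sample rules, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save style; 192.0.2.10 is a documentation address.
SAMPLE = """\
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 88 -m comment --comment Kerberos_v5 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 464 -m comment --comment Kerberos_v5 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 88 -m comment --comment Kerberos_v5 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 389 -m comment --comment LDAP -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp -m udp -m comment --comment Resto -j ACCEPT
"""
FLAGS = {"-s": "src", "-p": "proto", "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Return the fields of one '-A' rule, or None for comments and other lines."""
    tokens = shlex.split(line, comments=True)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    rule = {"chain": tokens[1], "src": None, "proto": None, "dport": None, "target": None}
    kept, i = [], 1
    while i < len(tokens):
        if tokens[i] == "--comment":
            i += 2  # the label does not affect matching, so leave it out of the key
            continue
        if tokens[i] in FLAGS and i + 1 < len(tokens):
            rule[FLAGS[tokens[i]]] = tokens[i + 1]
        kept.append(tokens[i])
        i += 1
    rule["key"] = tuple(kept)
    return rule

def audit(text):
    """Return sorted (line_no, message) findings for duplicates and port-less ACCEPTs."""
    rules = [(n, r) for n, line in enumerate(text.splitlines(), 1)
             if (r := parse_rule(line))]
    findings, seen, per_port = [], {}, {}
    for n, r in rules:
        if r["key"] in seen:
            findings.append((n, f"duplicate of line {seen[r['key']]}"))
            continue
        seen[r["key"]] = n
        if r["target"] == "ACCEPT" and r["dport"]:
            scope = (r["chain"], r["src"], r["proto"])
            per_port[scope] = per_port.get(scope, 0) + 1
    for n, r in rules:
        if r["target"] == "ACCEPT" and r["proto"] in ("tcp", "udp") and not r["dport"]:
            count = per_port.get((r["chain"], r["src"], r["proto"]), 0)
            findings.append((n, f"accepts every {r['proto']} port from {r['src'] or 'any source'}; "
                                f"{count} per-port rule(s) are redundant"))
    return sorted(findings)
```

Call `audit()` on the text of a rules file before loading it; an empty list means neither condition was found.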