my iptables file
#!/bin/sh
# Copyright (C) 2012 Shinnosuke TAKEDA All rights reserved.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# http://www.gnu.org/licenses/gpl.txt
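# Tools driven by this hook, by absolute path (the environment that runs
# interface hooks is not guaranteed to carry a useful PATH).
ETHTOOL=/sbin/ethtool
IP=/sbin/iptables

# $IFACE and the IF_* variables are taken from the environment; this looks
# like an ifupdown if-up.d hook, where the caller exports them -- confirm.
# Nothing below applies to the loopback device.
[ "$IFACE" != "lo" ] || exit 0

# --- ethtool ---------------------------------------------------------------
# Gather together the mixed bag of settings applied with -s/--change.
# The ethtool part is optional: a missing binary only skips this section.
# It used to be "test -x $ETHTOOL || exit 0", which on a host without
# ethtool skipped the firewall rules below as well, silently leaving
# INPUT at its default policy.
if [ -x "$ETHTOOL" ]; then
  SETTINGS="${IF_ETHERNET_PORT:+ port $IF_ETHERNET_PORT}${IF_DRIVER_MESSAGE_LEVEL:+ msglvl $IF_DRIVER_MESSAGE_LEVEL}"
  # $SETTINGS is deliberately unquoted: it holds several words.
  [ -z "$SETTINGS" ] || "$ETHTOOL" --change "$IFACE" $SETTINGS
fi

# --- iptables --------------------------------------------------------------
# IPv4 filter rules, applied only when eth0 comes up.  Only /sbin/iptables
# is driven here: the IPv6 tables (ip6tables) are never touched, so if IPv6
# is enabled on the host, IPv6 traffic is governed by whatever policy those
# tables already have.
if [ "$IFACE" = "eth0" ]; then
  # A firewall script that cannot find iptables must fail loudly, not
  # appear to succeed.
  if [ ! -x "$IP" ]; then
    printf '%s: %s not found; firewall rules NOT applied\n' "$0" "$IP" >&2
    exit 1
  fi

  # Base: flush every chain in the filter table (user-defined chains are
  # not deleted and the nat/mangle tables are not touched), then fail
  # closed for inbound and forwarded traffic and allow everything outbound.
  # Flushing first keeps the script idempotent when eth0 is brought up
  # more than once.
  "$IP" -F
  "$IP" -P INPUT DROP
  "$IP" -P FORWARD DROP
  "$IP" -P OUTPUT ACCEPT

  # TCP stream: replies to connections this host initiated, and related
  # traffic.  Listed first so the common case is matched before the
  # per-port rules; every rule in this chain is an ACCEPT, so the order
  # does not change the verdict.
  "$IP" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # ping
  "$IP" -A INPUT -p icmp -j ACCEPT
  # local connect
  "$IP" -A INPUT -i lo -j ACCEPT
  #for dev 20120824
  #"$IP" -A INPUT -p tcp --dport 55555 -j ACCEPT
  # DNS
  "$IP" -A INPUT -p tcp --dport 53 -j ACCEPT
  "$IP" -A INPUT -p udp --dport 53 -j ACCEPT
  # Web Server http:// https://
  "$IP" -A INPUT -p tcp --dport 80 -j ACCEPT
  "$IP" -A INPUT -p tcp --dport 443 -j ACCEPT
  # SSH
  "$IP" -A INPUT -p tcp --dport 22 -j ACCEPT
  # mosh - Mobile Shell mosh.mit.edu
  "$IP" -A INPUT -p udp --dport 60000:61000 -j ACCEPT
  # PostgreSQL
  # "$IP" -A INPUT -p tcp --dport 5432 -j ACCEPT
  # MySQL
  # "$IP" -A INPUT -p tcp --dport 3306 -j ACCEPT
  # FTPS
  # "$IP" -A INPUT -p tcp --dport 20:21 -j ACCEPT
  # "$IP" -A INPUT -p tcp --dport 60020:60030 -j ACCEPT
  # "$IP" -A INPUT -p tcp --dport 548 -j ACCEPT //netatalk
  # "$IP" -A INPUT -p tcp --dport 21 -j ACCEPT //FTP
  # "$IP" -A INPUT -p tcp --dport 110 -j ACCEPT //POP
  # "$IP" -A INPUT -p tcp --dport 25 -j ACCEPT //SMTP
fi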