Created
June 12, 2024 01:59
-
-
Save dillera/3a7707ea73fe98fb6ea442a6198303a8 to your computer and use it in GitHub Desktop.
A set of commands to setup iptables for the firewall host
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat <<EOF | sudo bash | |
| # Flush existing rules and set default policies | |
| iptables -F | |
| iptables -t nat -F | |
| iptables -t mangle -F | |
| iptables -t raw -F | |
| iptables -X | |
| iptables -P INPUT ACCEPT | |
| iptables -P FORWARD ACCEPT | |
| iptables -P OUTPUT ACCEPT | |
| # Allow SSH | |
| iptables -A INPUT -p tcp --dport 22 -j ACCEPT | |
| # Forward Telnet traffic to BBS | |
| iptables -t nat -A PREROUTING -p tcp --dport 23 -j DNAT --to-destination 192.168.1.99:23 | |
| # Masquerade outgoing traffic | |
| iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o enp4s0 -j MASQUERADE | |
| # Allow forwarding of established connections and all traffic from the local network | |
| iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT | |
| # Enable IP forwarding | |
| sysctl -w net.ipv4.ip_forward=1 | |
| echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf | |
| sysctl -p | |
| # Save iptables rules | |
| iptables-save > /etc/iptables/rules.v4 | |
| netfilter-persistent save | |
| EOF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment