@isyutaro
Created February 26, 2014 16:36
iptables
# iptables config file (iptables-save format; load it with iptables-restore,
# forwarding below additionally needs net.ipv4.ip_forward=1)
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# SSH from 10.0.0.30 aimed at this host's port 22 is redirected to 10.0.0.10:22 ...
-A PREROUTING -p tcp -s 10.0.0.30 --dport 22 -j DNAT --to-destination 10.0.0.10:22
# ... and source-NATed to this host's own address, so 10.0.0.10 answers through
# this host instead of directly to 10.0.0.30 (both sit on the same subnet, and
# without this the reply path would bypass the FORWARD rules in the filter table).
-A POSTROUTING -p tcp -s 10.0.0.30 --dport 22 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# All-in-one alternative to the per-service rules further down:
# http/https, smtp/smtps/submission, pop3/pop3s, imap/imaps, ssh
#-A INPUT -p tcp -m multiport --dports 80,443,25,465,587,110,995,143,993,22 -j ACCEPT
# Keep state: accept packets that belong to a connection already tracked by
# conntrack, which is what lets replies to this host's own outbound traffic in.
# Conventionally placed first so the common case is matched before the per-port
# rules; on current kernels "-m conntrack --ctstate ESTABLISHED,RELATED" is the
# preferred spelling and behaves the same here.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Loopback interface.
-A INPUT -i lo -j ACCEPT
# Allow PING from remote hosts.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# ejabberd (client c2s, legacy SSL c2s, HTTP/BOSH)
#-A INPUT -p tcp -m multiport --dports 5222,5223,5280 -j ACCEPT
# http/https
#-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# smtp/smtps
#-A INPUT -p tcp -m multiport --dports 25,465 -j ACCEPT
# pop3/pop3s
#-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
# imap/imaps
#-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
# ldap/ldaps
#-A INPUT -p tcp -m multiport --dports 389,636 -j ACCEPT
# ftp: control channel 21 and active-mode data 20. Passive mode needs the
# nf_conntrack_ftp helper (so the data connection is matched by the RELATED
# rule above) or an explicitly opened passive port range.
#-A INPUT -p tcp -m multiport --dports 21,20 -j ACCEPT
# SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
# http
-A INPUT -p tcp --dport 80 -j ACCEPT
# Samba: NetBIOS name (137) and datagram (138) service over UDP, NetBIOS
# session (139) and direct SMB (445) over TCP. None of these carry a -s
# restriction, so SMB is accepted from any address that can reach this host;
# restrict them to the LAN (for example -s 10.0.0.0/24) unless that exposure
# is intended.
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
# SNMP agent (udp/161), polled only from the monitoring host.
-A INPUT -s 162.243.48.151 -p udp --dport 161 -j ACCEPT
# Both directions of the hairpinned SSH session set up in the nat table.
# FORWARD has a DROP policy and no ESTABLISHED,RELATED rule, so the reply
# direction (10.0.0.10 -> 10.0.0.30) needs its own ACCEPT.
-A FORWARD -s 10.0.0.10 -d 10.0.0.30 -j ACCEPT
-A FORWARD -s 10.0.0.30 -d 10.0.0.10 -j ACCEPT
COMMIT
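The ruleset above is meant to be loaded with iptables-restore, and because INPUT defaults to DROP, a mistyped SSH rule or a rule in the wrong place locks the operator out the moment it is committed. The script below is an added example, not part of the gist: it lints the filter section for INPUT ACCEPT rules that are reachable from any source (the Samba, SSH and HTTP lines above, which carry no -s restriction), parse-checks the file with iptables-restore --test, and, only when run as root with APPLY=1, loads it with a timed automatic rollback. The embedded copy of the rules is constructed for the example (the SNMP rule is written as udp/161), and the function names, the RULES/APPLY variables and the 60-second rollback window are the example's own choices.

```shell
#!/bin/sh
# Added example for the gist above (not part of the original): lint the
# filter section for INPUT rules that accept from any source, parse-check
# the file with "iptables-restore --test", and, only with APPLY=1 as root,
# load it with an automatic rollback so a bad rule cannot lock you out.
set -eu

# Constructed input: the active filter rules of the gist, embedded so the
# script runs stand-alone. Point RULES at the real file when using this.
RULES=$(mktemp)
trap 'rm -f "$RULES"' EXIT
cat > "$RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A INPUT -s 162.243.48.151 -p udp --dport 161 -j ACCEPT
-A FORWARD -s 10.0.0.10 -d 10.0.0.30 -j ACCEPT
-A FORWARD -s 10.0.0.30 -d 10.0.0.10 -j ACCEPT
COMMIT
EOF

# Active INPUT ACCEPT rules that match a destination port but carry no
# source (-s) or input-interface (-i) restriction: reachable from anywhere.
world_open_rules() {
    awk '/^#/ { next } $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ && /--dports? / && !/ -s / && !/ -i / { print }' "$1"
}

# Number of such rules, for scripted checks.
world_open_count() {
    world_open_rules "$1" | wc -l | tr -d ' '
}

# The ports those rules open, space-separated and numerically sorted.
world_open_ports() {
    world_open_rules "$1" \
        | sed -n 's/.*--dports\{0,1\} \([0-9,:]*\).*/\1/p' \
        | tr ',' '\n' | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# Parse and build the ruleset without committing it. Returns 2 when the
# check cannot run here (no iptables-restore, or not root).
check_syntax() {
    command -v iptables-restore >/dev/null 2>&1 || return 2
    [ "$(id -u)" -eq 0 ] || return 2
    iptables-restore --test < "$1"
}

# Load a ruleset, then put the previous one back after $2 seconds unless the
# operator kills the printed PID (proving the new rules did not cut them off).
# iptables-save dumps every table, so the nat rules are rolled back as well.
apply_with_rollback() {
    old=$(mktemp)
    iptables-save > "$old"
    iptables-restore < "$1"
    ( sleep "$2" && iptables-restore < "$old" && rm -f "$old" ) &
    echo "applied; automatic rollback in $2 s unless you run: kill $!"
}

echo "INPUT rules reachable from any source:"
world_open_rules "$RULES"
echo "ports: $(world_open_ports "$RULES")"

if check_syntax "$RULES"; then
    echo "iptables-restore --test: ruleset parses"
else
    rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "parse check skipped (needs root and iptables-restore)"
    else
        echo "iptables-restore --test failed with status $rc"
    fi
fi

if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then
    apply_with_rollback "$RULES" 60
fi
```

Run as an ordinary user it only lints and reports the six world-reachable ports (22, 80, 137, 138, 139, 445); as root it also parse-checks the file, and with APPLY=1 it commits the rules and prints the PID of the rollback timer, which the operator kills from a fresh SSH session to confirm the new ruleset still lets them in.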