Created
November 8, 2010 16:23
-
-
Save keymon/667882 to your computer and use it in GitHub Desktop.
Script para poner en /etc/network/if-up.d/.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Configuracion | |
| IFACES="eth0 eth1 dummy0" | |
| # OpenSSH only cares about inet and inet6. | |
| # Get the gone, strange people still use ipx. | |
| if [ "$ADDRFAM" != inet ] && [ "$ADDRFAM" != inet6 ]; then | |
| exit 0 | |
| fi | |
| IPTABLES=/sbin/iptables | |
| if [ ! -x $IPTABLES ]; then | |
| exit 0 | |
| fi | |
| echo "Starting Firewall..." | |
| echo " > IFACE: $IFACE" | |
| echo " > MODE: $MODE" | |
| for i in $IFACES; do | |
| [ "$i" == "$IFACE" ] && APPLY=1 | |
| done | |
| if [ "$APPLY" ]; then | |
| case $MODE in | |
| start) | |
| # Crea una nueva cadena y agrega el salto | |
| $IPTABLES -N INPUT.$IFACE | |
| $IPTABLES -A INPUT -i $IFACE -j INPUT.$IFACE | |
| # Reglas básicas para evitar problemas | |
| # Acepta todo lo de la red local | |
| $IPTABLES -A INPUT.$IFACE -s $IF_NETWORK/$IF_NETMASK -j ACCEPT | |
| # Acepta paquetes en estado establecido y relacionado | |
| $IPTABLES -A INPUT.$IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| # Reglas en si | |
| # Añadimos una regla para aceptar conexiones SSH | |
| $IPTABLES -A INPUT.$IFACE -p tcp --syn --dport 22 -j ACCEPT | |
| # Regla por defecto (la última) | |
| $IPTABLES -A INPUT.$IFACE -j DROP | |
| ;; | |
| stop) | |
| # Borra todas las cadenas y reglas creadas | |
| $IPTABLES -D INPUT -i $IFACE -j INPUT.$IFACE | |
| $IPTABLES -F INPUT.$IFACE | |
| $IPTABLES -X INPUT.$IFACE | |
| ;; | |
| *) | |
| echo "No action for $MODE mode" > /tmp/mode | |
| ;; | |
| esac | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment