leoleozhu/change-iptables.sh

## change-iptables.sh
#! /bin/bash

# Set the default policies to allow everything while we set up new rules.
# Prevents cutting yourself off when running from remote SSH.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Flush any existing rules, leaving just the defaults
iptables -F
iptables -t nat -F

# Open port 22 for incoming SSH connections.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
# Open 80 & 443
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Open 8388 for shadowsocks
iptables -A INPUT -p tcp --dport 8388 -j ACCEPT

# PPTP NAT rule
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
# PPTP used not tcp or udp, but gre (protocol number 47).
iptables -A INPUT -p 47 -j ACCEPT

iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -i ppp1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# SMTP
#iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# POP3
#iptables -A INPUT -p tcp --dport 110 -j ACCEPT
# IMAP
#iptables -A INPUT -p tcp --dport 143 -j ACCEPT
# IMAPS
#iptables -A INPUT -p tcp --dport 993 -j ACCEPT
# POP3S
#iptables -A INPUT -p tcp --dport 995 -j ACCEPT

#
# Other rules...
#

# Accept any localhost (loopback) calls.
iptables -A INPUT -i lo -j ACCEPT

# Allow any existing connection to remain.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Reset the default policies to stop all incoming and forward requests.
iptables -P INPUT DROP
iptables -P FORWARD DROP
# Accept any outbound requests from this server.
iptables -P OUTPUT ACCEPT

# Save the settings.
#service iptables save
#iptables-save -c

# Allow ping.
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Display the settings.
#iptables -L -v --line-numbers
	#! /bin/bash

	# Set the default policies to allow everything while we set up new rules.
	# Prevents cutting yourself off when running from remote SSH.
	iptables -P INPUT ACCEPT
	iptables -P FORWARD ACCEPT
	iptables -P OUTPUT ACCEPT

	# Flush any existing rules, leaving just the defaults
	iptables -F
	iptables -t nat -F

	# Open port 22 for incoming SSH connections.
	iptables -A INPUT -p tcp --dport 22 -j ACCEPT
	iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
	# Open 80 & 443
	iptables -A INPUT -p tcp --dport 80 -j ACCEPT
	iptables -A INPUT -p tcp --dport 443 -j ACCEPT

	# Open 8388 for shadowsocks
	iptables -A INPUT -p tcp --dport 8388 -j ACCEPT

	# PPTP NAT rule
	iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
	# PPTP used not tcp or udp, but gre (protocol number 47).
	iptables -A INPUT -p 47 -j ACCEPT

	iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
	iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
	iptables -A FORWARD -i ppp1 -o eth0 -j ACCEPT
	iptables -A FORWARD -i eth0 -o ppp1 -j ACCEPT
	iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

	# SMTP
	#iptables -A INPUT -p tcp --dport 25 -j ACCEPT
	# POP3
	#iptables -A INPUT -p tcp --dport 110 -j ACCEPT
	# IMAP
	#iptables -A INPUT -p tcp --dport 143 -j ACCEPT
	# IMAPS
	#iptables -A INPUT -p tcp --dport 993 -j ACCEPT
	# POP3S
	#iptables -A INPUT -p tcp --dport 995 -j ACCEPT

	#
	# Other rules...
	#

	# Accept any localhost (loopback) calls.
	iptables -A INPUT -i lo -j ACCEPT

	# Allow any existing connection to remain.
	iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

	# Reset the default policies to stop all incoming and forward requests.
	iptables -P INPUT DROP
	iptables -P FORWARD DROP
	# Accept any outbound requests from this server.
	iptables -P OUTPUT ACCEPT

	# Save the settings.
	#service iptables save
	#iptables-save -c

	# Allow ping.
	iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
	iptables -A OUTPUT -p icmp --icmp-type 0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT

	# Display the settings.
	#iptables -L -v --line-numbers