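#!/bin/sh
# Host firewall (IPv4 only): flush the filter table, default every chain to
# DROP, then whitelist loopback, ICMP, SSH, DNS, NTP, HTTP(S), FTP, mail and
# the monitoring ports. ip6tables is never touched, so IPv6 policy is left
# exactly as the host had it.
#
# Every service rule below is an unconditional ACCEPT with no source match
# (-s), so ports such as Webmin (10000), Monit (4598) and DNS (53) are
# reachable from any address that can route to this host.
set -eu

# Fail before anything is flushed if iptables is missing; with `set -e` any
# iptables call that fails later also stops the script instead of silently
# continuing with a half-built ruleset.
command -v iptables >/dev/null 2>&1 || {
  printf '%s\n' "iptables: command not found" >&2
  exit 1
}

# Reset the filter table only (nat/mangle/raw are left as they are).
iptables -t filter -F
iptables -t filter -X

# Keep established connections alive before the policies go to DROP, so the
# session running this script survives if a later rule command fails.
# `-m state` is the older spelling of `-m conntrack --ctstate`.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Loopback (127.0.0.1)
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
printf '%s\n' "Loopback"

# Default deny on all three chains.
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT DROP
iptables -t filter -P FORWARD DROP

# ICMP (ping) — this matches every ICMP type, not just echo request/reply.
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT
printf '%s\n' "Ping ok"

# SSH in/out on the non-default port 1602. The OUTPUT rule only allows this
# host to act as an SSH *client* towards port 1602; replies from the local
# sshd are already covered by the ESTABLISHED rule above.
iptables -t filter -A INPUT -p tcp --dport 1602 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 1602 -j ACCEPT
printf '%s\n' "SSH ok"

# DNS in/out. The INPUT rules expose a local resolver to all sources; drop
# them if this host does not serve DNS.
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
printf '%s\n' "dns ok"

# NTP out
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
printf '%s\n' "ntp ok"

# HTTP + HTTPS out
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT

# HTTP + HTTPS in (8443 is an additional TLS port)
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
printf '%s\n' "http ok"

# FTP out (control 21, active-mode data 20)
iptables -t filter -A OUTPUT -p tcp --dport 21 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 20 -j ACCEPT

# FTP in
# modprobe ip_conntrack_ftp  # optional on OVH servers; the conntrack FTP
#                            # helper is what lets RELATED match FTP data
#                            # connections — confirm for this kernel.
iptables -t filter -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 21 -j ACCEPT
printf '%s\n' "ftp ok"

# Mail SMTP:25
iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
# Mail POP3:110 (cleartext)
iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
# Mail IMAP:143 (cleartext)
iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
# Mail POP3S:995
iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 995 -j ACCEPT
printf '%s\n' "mail ok"

# Monit web interface — open to every source; restrict with -s if possible.
iptables -t filter -A INPUT -p tcp --dport 4598 -j ACCEPT
# Webmin — administrative interface open to every source; restrict with -s.
iptables -t filter -A INPUT -p tcp --dport 10000 -j ACCEPT
printf '%s\n' "monitoring ok"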