Last active
January 27, 2023 07:31
-
-
Save whoamiTM/b35606eadfdc81ff173942a9e2ba5214 to your computer and use it in GitHub Desktop.
Firewall Rules For IPv4 SoftEther VPN Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| ####################################################################### | |
| # iptables rules | |
| ####################################################################### | |
| # | |
| # Flush current V4 polices | |
| iptables -t nat -F | |
| iptables -t mangle -F | |
| iptables -F | |
| iptables -X | |
| # Set default chain policies | |
| iptables -P OUTPUT ACCEPT | |
| iptables -P FORWARD ACCEPT | |
| iptables -P INPUT DROP | |
| # Drop null packets | |
| iptables -I INPUT -p tcp --tcp-flags ALL NONE -j DROP | |
| # DROP syn-flood packets | |
| iptables -I INPUT -p tcp ! --syn -m state --state NEW -j DROP | |
| # DROP XMAS packets | |
| iptables -I INPUT -p tcp --tcp-flags ALL ALL -j DROP | |
| # Accept on localhost | |
| iptables -A INPUT -i lo -j ACCEPT | |
| iptables -A OUTPUT -o lo -j ACCEPT | |
| # Accept on local network (optional) | |
| iptables -A INPUT -s 192.168.0.1/24 -j ACCEPT | |
| iptables -A OUTPUT -s 192.168.0.1/24 -j ACCEPT | |
| # Accept incoming SSH (default) | |
| iptables -I INPUT -p tcp --dport 22 -j ACCEPT | |
| # Accept incoming SSH | |
| iptables -A INPUT -p tcp -s 55.55.55.55 -m tcp --dport 19780 -j ACCEPT | |
| iptables -A INPUT -p tcp -s 55.55.55.55 -m tcp --dport 19780 -j ACCEPT | |
| # Accept incoming HTTPS for SoftEther (default) | |
| iptables -A INPUT -p tcp --dport 443 -j ACCEPT | |
| # Accept incoming OpenVPN | |
| iptables -A INPUT -p udp --dport 1194 -j ACCEPT | |
| # Accept incoming IPsec | |
| #iptables -A INPUT -p udp --dport 500 -j ACCEPT | |
| #iptables -A INPUT -p udp --dport 4500 -j ACCEPT | |
| # Allow established sessions to receive traffic | |
| iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT | |
| ######################################### | |
| ### End of rules | |
| ######################################### | |
| # Save Changes | |
| service iptables save | |
| # Service | |
| systemctl restart iptables | |
| systemctl status iptables |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
should this fix my problem on layer 3 ?