A little Python script used to set up iptables rules.
#! /usr/bin/env python
#coding=utf-8
#----config part----
# Commands run first, in this order. They reset the filter and nat tables,
# make INPUT default-deny and then re-admit loopback traffic.
# NOTE: the DROP policy is applied before any ACCEPT rule exists, so until the
# --dport rules are added below, new inbound packets are dropped; an active
# remote session may be interrupted while the script runs.
INIT_CMDS = [
    "iptables -F",                        # flush every chain of the filter table
    "iptables -X",                        # delete user-defined filter chains
    "iptables -t nat -F",                 # flush the nat table
    "iptables -t nat -X",                 # delete user-defined nat chains
    "iptables -P INPUT DROP",             # default-deny everything inbound
    "iptables -A INPUT -i lo -j ACCEPT",  # loopback is always allowed
]

#INPUT: local(DPORT) <- remote(SPORT)
# Remote services whose traffic is accepted by SOURCE port.
# NOTE: the source port is picked by the remote peer, not by us, so these
# rules do not limit who can reach this host -- they only let traffic that
# claims to come from these service ports in. The usual way to admit replies
# to our own outgoing connections is a stateful rule such as
# "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT".
INPUT_ALLOWED_UDP_SPORTS = [
    53,          # DNS
]
INPUT_ALLOWED_TCP_SPORTS = [
    80, 443,     # http, https
    5222, 5223,  # xmpp
    1352,        # lotus notes
    22,          # ssh
    3389,        # xrdp
]

# Local services reachable from anywhere (matched by DESTINATION port).
INPUT_ALLOWED_TCP_DPORTS = [
    22,          # ssh
    3389,        # xrdp
]

# Source addresses that get unrestricted access to every local port.
INPUT_ALLOWED_IP = [
    "10.10.10.10",  # your full-access ip
]
#--------
import os
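def do_cmd(cmd, dry_run = False):
    """Echo a shell command and, unless dry_run is set, run it with os.system.

    cmd     -- the command line handed to the shell as-is; the iptables-save
               step relies on shell redirection, so this stays a string rather
               than an argv list. Only pass strings built from this file's own
               config, never from user input.
    dry_run -- when True the command is only printed, not executed.

    Returns the os.system() wait status (0 on success), or 0 in dry-run mode.
    The original version discarded the status, so a failing iptables call
    (for example when not running as root) went unnoticed; callers can now
    check the result.
    """
    print(cmd)  # parenthesised form prints identically on Python 2 and 3
    if dry_run:
        return 0
    return os.system(cmd)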
def main(dry_run = False):
    """Apply the firewall described by the config constants at the top of the file.

    Runs INIT_CMDS, then one ACCEPT rule per configured source port,
    destination port and trusted address, and finally dumps the ruleset to
    /etc/iptables-rules via iptables-save. Every command is sent through
    do_cmd; with dry_run=True they are printed but not executed.

    NOTE: the --sport rules admit any inbound packet whose remote port matches,
    regardless of who sent it, since the peer chooses its own source port. The
    INPUT_ALLOWED_IP rules carry no port restriction at all.
    """
    for cmd in INIT_CMDS:
        do_cmd(cmd, dry_run)

    # (template, values) pairs in the same order the rules are appended.
    rule_sets = [
        ("iptables -A INPUT -p udp --sport %d -j ACCEPT", INPUT_ALLOWED_UDP_SPORTS),
        ("iptables -A INPUT -p tcp --sport %d -j ACCEPT", INPUT_ALLOWED_TCP_SPORTS),
        ("iptables -A INPUT -p tcp --dport %d -j ACCEPT", INPUT_ALLOWED_TCP_DPORTS),
        ("iptables -A INPUT -s %s -j ACCEPT", INPUT_ALLOWED_IP),
    ]
    for template, values in rule_sets:
        for value in values:
            do_cmd(template % (value,), dry_run)

    # Persist the live ruleset; needs root and relies on shell redirection.
    do_cmd("iptables-save > /etc/iptables-rules", dry_run)
if __name__ == '__main__':
    # Executes the real iptables commands; import the module and call
    # main(dry_run=True) to only print them.
    main()