dumb_firewall [2021/11/17 20:58] kyxap |
dumb_firewall [2021/11/17 21:12] (current) kyxap |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| #!/usr/bin/env bash | #!/usr/bin/env bash | ||
| - | iptables="/sbin/iptables" | + | iptables="echo /sbin/iptables" |
| - | WHITELIST="123.123.123.123 | + | WHITELIST=( 10.0.0.0/8 ) |
| - | 123.123.123.124/32 | + | |
| - | 111.111.111.0/24 | + | TCP_PORTS=( 22 1514 1515 1516 55000 5601 ) |
| - | 111.222.0.0/16" | + | UDP_PORTS=( 1514 ) |
| + | |||
| + | TCP=${TCP_PORTS[@]} | ||
| + | UDP=${UDP_PORTS[@]} | ||
| #### START #### | #### START #### | ||
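Review bot: With `iptables="echo /sbin/iptables"` on the new side, every rule in the script is printed instead of applied, so running this revision leaves the INPUT chain unconfigured; if this is a dry-run toggle it should be opt-in, e.g. `iptables="/sbin/iptables"` followed by `[[ "${DRY_RUN:-0}" == 1 ]] && iptables="echo $iptables"`. The new TCP_PORTS list (22, 1514–1516, 55000, 5601) feeds the `-m multiport --dports` ACCEPT in the second hunk, which has no `-s` and precedes the WHITELIST loop, so these ports are opened to any source rather than only 10.0.0.0/8 — confirm that is intended, since the old rule exposed only 25, 53 and 80. The `# allow smtp, http` comment above that rule no longer describes what it permits and should be rewritten to name the services actually on those ports (they look like SSH plus a Wazuh/Kibana stack, but that is a guess). `TCP=${TCP_PORTS[@]}` and `UDP=${UDP_PORTS[@]}` flatten the arrays by relying on default IFS word-splitting before `${TCP// /,}`; joining explicitly, e.g. `TCP=$(IFS=,; printf '%s' "${TCP_PORTS[*]}")`, avoids the dependency on IFS and the later substitution.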
| Line 26: | Line 29: | ||
| # allow smtp, http | # allow smtp, http | ||
| - | $iptables -A INPUT -p tcp -m multiport --dports 25,53,80 -j ACCEPT | + | $iptables -A INPUT -p tcp -m multiport --dports ${TCP// /,} -j ACCEPT |
| - | $iptables -A INPUT -p udp -m multiport --dports 53 -j ACCEPT | + | $iptables -A INPUT -p udp -m multiport --dports ${UDP// /,} -j ACCEPT |
| # start whitelisting | # start whitelisting | ||
| - | for i in $WHITELIST; | + | for i in ${WHITELIST[@]}; |
| do | do | ||
| $iptables -A INPUT -s $i -j ACCEPT | $iptables -A INPUT -s $i -j ACCEPT | ||