dumb_firewall [2021/11/17 20:58] kyxap |
dumb_firewall [2021/11/17 21:12] (current) kyxap |
||
---|---|---|---|
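--- a/dumb_firewall
+++ b/dumb_firewall
@@ -6,7 +6,10 @@
 #!/usr/bin/env bash
-iptables="/sbin/iptables"
-WHITELIST="123.123.123.123
-123.123.123.124/32
-111.111.111.0/24
-111.222.0.0/16"
+iptables="echo /sbin/iptables"
+WHITELIST=( 10.0.0.0/8 )
+
+TCP_PORTS=( 22 1514 1515 1516 55000 5601 )
+UDP_PORTS=( 1514 )
+
+TCP=${TCP_PORTS[@]}
+UDP=${UDP_PORTS[@]}
 #### START ####
@@ -26,7 +29,7 @@
 # allow smtp, http
-$iptables -A INPUT -p tcp -m multiport --dports 25,53,80 -j ACCEPT
-$iptables -A INPUT -p udp -m multiport --dports 53 -j ACCEPT
+$iptables -A INPUT -p tcp -m multiport --dports ${TCP// /,} -j ACCEPT
+$iptables -A INPUT -p udp -m multiport --dports ${UDP// /,} -j ACCEPT
 # start whitelisting
-for i in $WHITELIST;
+for i in ${WHITELIST[@]};
 do
 $iptables -A INPUT -s $i -j ACCEPT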
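Review bot: `iptables="echo /sbin/iptables"` in the first hunk turns every `$iptables` call into a printed line, so the script as published loads no rules at all and still exits successfully; if this is meant as a dry-run aid, make it explicit and off by default, e.g. `iptables="${DRY_RUN:+echo }/sbin/iptables"` with a comment saying so. In the second hunk the two multiport ACCEPT rules carry no `-s` match and are appended before the whitelist loop, so as far as the visible rules show TCP 22, 55000 and 5601 are accepted from any source and `10.0.0.0/8` does not restrict them; the `# allow smtp, http` comment above them is also stale now that the list no longer contains 25 or 80. `TCP=${TCP_PORTS[@]}` followed by `${TCP// /,}` depends on the default IFS, and the expansions on the rule lines and in `for i in ${WHITELIST[@]}` are unquoted; joining with `IFS=,` and `"${TCP_PORTS[*]}"`, and quoting `"${WHITELIST[@]}"` and `"$i"`, would be more robust. The rest of the script, including the default policy and the end of the loop, lies outside the hunks.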