This shows you the differences between two versions of the page.
dumb_firewall [2013/12/15 13:36] kyxap (Page moved from stuff:iptables:dumb_firewall to iptables:dumb_firewall)
dumb_firewall [2021/11/17 21:12] (current) kyxap
| Line 1: | Line 1: | ||
| - | A simple firewall that opens full access for WHITELIST and only selected ports for everyone else. | + | {{tag>iptables}}====== A simple firewall that opens access only for the whitelist. ====== |
| + | |||
| + | Full access for WHITELIST and only selected ports for everyone else. | ||
| <code bash> | <code bash> | ||
| - | #!/bin/sh | + | #!/usr/bin/env bash |
| + | |||
| + | iptables="echo /sbin/iptables" | ||
| + | |||
| + | WHITELIST=( 10.0.0.0/8 ) | ||
| - | iptables="/sbin/iptables" | + | TCP_PORTS=( 22 1514 1515 1516 55000 5601 ) |
| + | UDP_PORTS=( 1514 ) | ||
| - | WHITELIST="123.123.123.123 | + | TCP=${TCP_PORTS[@]} |
| - | 123.123.123.124/32 | + | UDP=${UDP_PORTS[@]} |
| - | 111.111.111.0/24 | + | |
| - | 111.222.0.0/16" | + | |
| #### START #### | #### START #### | ||
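Review bot: `iptables="echo /sbin/iptables"` in the new version prefixes every rule with `echo`, so the script only prints the commands and never installs the firewall; if the echo is meant as a dry-run mode, gate it behind a variable (for example `iptables="${DRY_RUN:+echo} /sbin/iptables"`) instead of hard-coding it, otherwise the host runs with whatever policy was there before. The shebang change to `#!/usr/bin/env bash` is needed, since `WHITELIST=( ... )` and `${TCP_PORTS[@]}` are bash arrays and `/bin/sh` would reject them. `TCP=${TCP_PORTS[@]}` flattens the array into one space-joined string that is later rewritten into a comma list; `TCP=$(IFS=,; echo "${TCP_PORTS[*]}")` yields the comma list directly and avoids that second step. Also note that replacing the individual hosts and /24 and /16 ranges with `10.0.0.0/8` grants full access to every address in that whole range, which is considerably broader than the old list.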
| Line 24: | Line 29: | ||
| # allow smtp, http | # allow smtp, http | ||
| - | $iptables -A INPUT -p tcp -m multiport --dports 25,53,80 -j ACCEPT | + | $iptables -A INPUT -p tcp -m multiport --dports ${TCP// /,} -j ACCEPT |
| - | $iptables -A INPUT -p udp -m multiport --dports 53 -j ACCEPT | + | $iptables -A INPUT -p udp -m multiport --dports ${UDP// /,} -j ACCEPT |
| # start whitelisting | # start whitelisting | ||
| - | for i in $WHITELIST; | + | for i in ${WHITELIST[@]}; |
| do | do | ||
| $iptables -A INPUT -s $i -j ACCEPT | $iptables -A INPUT -s $i -j ACCEPT | ||
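Review bot: the comment `# allow smtp, http` is now stale, because the rules below open TCP 22, 1514, 1515, 1516, 55000, 5601 and UDP 1514, not 25, 53 and 80; update it to describe what is actually opened. `${TCP// /,}` and `${UDP// /,}` produce the comma-separated list that `-m multiport --dports` expects, but `multiport` accepts at most 15 ports per rule, so the list cannot grow much further without splitting it across rules. In the whitelist loop, quote the address (`-s "$i"`) for consistency with the rest of the script; and since both the port rules and the whitelist rules are ACCEPT, the resulting policy is the same regardless of order, though placing the whitelist loop first would let whitelisted hosts match without passing through the multiport rules.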