iptables on etch

dbr:~# cat /etc/ppp/ip-up.d/iptrule
#!/bin/sh
#
# iptrules
#

LAN_NET="192.168.0.0/24"
LAN_IF="eth0"
DSL_IF="ppp0"
SSH_P="22"
WWW_P="80"
FTP_P="21"

iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t nat -F
iptables -t filter -F
iptables -t mangle -F

iptables -t nat -A POSTROUTING -o $DSL_IF -j MASQUERADE
iptables -t filter -A FORWARD -i $DSL_IF -o $LAN_IF -m state \
--state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -i $LAN_IF -o $DSL_IF -j ACCEPT

iptables -t filter -A INPUT -p tcp --dport $SSH_P -j ACCEPT

iptables -t filter -A INPUT -p tcp -i $LAN_IF -s $LAN_NET --dport 3000 \
-j ACCEPT
iptables -t filter -A INPUT -p tcp -i $LAN_IF -s $LAN_NET --dport $WWW_P \
-j ACCEPT

iptables -t filter -A INPUT -p tcp -i $LAN_IF -s $LAN_NET --dport $FTP_P \
-j ACCEPT
iptables -t filter -A INPUT -p tcp -i $LAN_IF -s $LAN_NET -m state \
--state RELATED,ESTABLISHED -j ACCEPT

iptables -t filter -A INPUT -i $DSL_IF -m state \
--state RELATED,ESTABLISHED -j ACCEPT

Leave a Reply

Your email address will not be published. Required fields are marked *