From bd10da8de0db7abee3a2c78bb963cca922bb9850 Mon Sep 17 00:00:00 2001
From: ageissler
Date: Tue, 29 Oct 2024 10:19:22 +0100
Subject: [PATCH] setup/init-iptables.sh aktualisiert
---
 setup/init-iptables.sh | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/setup/init-iptables.sh b/setup/init-iptables.sh
index a9bf588..33ece51 100644
--- a/setup/init-iptables.sh
+++ b/setup/init-iptables.sh
@@ -1 +1,31 @@
 #!/bin/bash
+
+###############################################################
+###
+### iptables konfig
+###
+###############################################################
+apt -y install iptables iptables-persistent
+touch /etc/iptables/rules.v4
+ln -s /etc/iptables/rules.v4 /etc/network/iptables.up.rules
+echo '# Generated by install script
+*filter
+:INPUT DROP [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -m comment --comment "existing connections"
+-A INPUT -d 127.0.0.0/8 -j ACCEPT -m comment --comment "connects to myself"
+-A INPUT -p icmp -j ACCEPT -m comment --comment "allow ping"
+-A INPUT -s 10.0.0.0/8 -j ACCEPT -m comment --comment "private sources"
+-A INPUT -s 192.168.0.0/16 -j ACCEPT -m comment --comment "private sources"
+-A INPUT -s 172.16.0.0/12 -j ACCEPT -m comment --comment "private sources"
+-A INPUT -s 195.20.133.0/24 -j ACCEPT -m comment --comment "CONET sources"
+-A INPUT -s 149.13.94.0/24 -j ACCEPT -m comment --comment "CONET sources"
+-A INPUT -s 92.50.110.208/29 -j ACCEPT -m comment --comment "CONET sources"
+-A INPUT -p tcp -m tcp --dport 22 -j DROP -m comment --comment "drop unknown ssh"
+-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables: " --log-level 7 -m comment --comment "log other traffic ..."
+-A INPUT -j ACCEPT -m comment --comment "... and drop nothing, config not finished"
+COMMIT
+# Completed
+' > /etc/iptables/rules.v4
+iptables-apply
\ No newline at end of file
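Review bot: The trailing `-A INPUT -j ACCEPT` makes the `:INPUT DROP [0:0]` policy unreachable, so the only thing this INPUT chain actually filters is TCP/22 from sources outside the listed ranges; every other port stays open to any address, and because rules.v4 is the file iptables-persistent restores at boot, that placeholder survives reboots. The in-rule comment says "config not finished", but nothing at the top of the generated file or in the script header says so; a line such as `# WARNING: trailing catch-all ACCEPT means policy DROP is NOT in effect until it is removed` right after `# Generated by install script` would stop the next maintainer from reading this as a finished deny-by-default firewall. The script also runs without `set -e`, so on a second run the `ln -s` fails (target exists) and execution silently continues; `set -euo pipefail` after the shebang and `ln -sfn -- /etc/iptables/rules.v4 /etc/network/iptables.up.rules` would make it fail loudly or be idempotent. Finally, `iptables-apply` with no argument waits for an interactive confirmation and reverts on timeout, so if this setup script is ever run unattended the new rules may never be kept — if that is the intended use, `iptables-restore < /etc/iptables/rules.v4` is the non-interactive form (whether the script is run interactively is not visible here).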