Browse Source

initial commit

master
secnet 4 years ago
commit
ed8c8499dc
  1. 42
      iptables.rules

42
iptables.rules

@ -0,0 +1,42 @@
*filter
:INPUT ACCEPT [139:11952]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [31:3232]
# Allow host ports
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 13699 -j ACCEPT
# Standard Internal Traffic
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NAT Forwarding
-A FORWARD -i enp2s0.10 -o enp2s0.2 -j ACCEPT
-A FORWARD -i enp2s0.11 -o enp2s0.2 -j ACCEPT
-A FORWARD -i enp2s0.12 -o enp2s0.2 -j ACCEPT
-A FORWARD -i enp2s0.13 -o enp2s0.2 -j ACCEPT
-A FORWARD -i enp2s0.14 -o enp2s0.2 -j ACCEPT
# NAT Returns
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Drop weird shit
-A INPUT -p tcp -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [12:835]
:INPUT ACCEPT [12:835]
:OUTPUT ACCEPT [1:104]
:POSTROUTING ACCEPT [0:0]
# General NAT Traffic
-A POSTROUTING -o enp2s0.2 -j MASQUERADE
COMMIT
Loading…
Cancel
Save