Created
September 29, 2016 21:04
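#!/bin/bash
#
# Reset the IPv4 iptables ruleset and install a small INPUT filter plus
# source NAT.
#
# Layout, as far as the rules show: traffic leaving through eth0 is
# masqueraded and new connections arriving on wlan0 are trusted, so this
# presumably runs on a host that shares an eth0 uplink with wlan0 clients.
# Confirm the interface roles before reusing it.
#
# Review notes:
#   * Only IPv4 is touched; ip6tables rules, if any, stay as they were.
#   * Commands run one at a time with no error checking, so a failing command
#     leaves a partially applied ruleset. iptables-restore can load a complete
#     ruleset in a single commit instead.
#   * net.ipv4.ip_forward is not set here; forwarding and NAT depend on it
#     being enabled elsewhere.

# --- remove existing rules and user-defined chains in all three tables ---
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# --- default policies ---
iptables -P INPUT DROP
# NOTE(review): FORWARD has no rules of its own, so policy ACCEPT forwards
# every packet the kernel routes between interfaces, in both directions.
# If wlan0 -> eth0 (plus RELATED,ESTABLISHED replies) is the only intended
# path, restrict the chain to that and set the policy to DROP.
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# --- nat: rewrite the source address of everything leaving via eth0 ---
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# --- filter: INPUT chain (first match wins, so order matters) ---
iptables -A INPUT -i lo -j ACCEPT
# Accepts every ICMP type on every interface, eth0 included.
iptables -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Packet sanity drops. These sit before the broad wlan0 accept so that they
# also apply to wlan0 traffic; in the original order the wlan0 rule matched
# first and the NEW-without-SYN check never saw packets from that interface.
# New TCP connection that does not start with a plain SYN:
iptables -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
# Non-first IP fragments:
iptables -A INPUT -f -j DROP
# TCP with all six flags set:
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
# TCP with no flags set:
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP

# Trust any new connection arriving on wlan0.
iptables -A INPUT -i wlan0 -m state --state NEW -j ACCEPT
# NOTE(review): effectively redundant. wlan0 packets in state NEW are accepted
# just above and replies to this host's own DNS queries match
# RELATED,ESTABLISHED, so only untracked/INVALID packets can reach this rule.
# A source-port match is also a weak filter, because the sender chooses it.
iptables -A INPUT -i wlan0 -p udp -m udp --sport 53 -j ACCEPT

# Log whatever is left, then drop it. Level 7 is syslog "debug" priority.
# NOTE(review): there is no rate limit, so each dropped packet writes one log
# line; a "-m limit" match on the LOG rule bounds that.
iptables -A INPUT -j LOG --log-prefix "IPTABLES Dropped: " --log-level 7
iptables -A INPUT -j DROP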