CodeWiki : iptablesConfig


Revision [275]

Most recent edit made on 2008-11-20 11:42:16 by cmantito

Additions:
iptables-config is a fairly simple, straightforward BASH script for quickly setting up an iptables firewall on a single server to block all but specified ports, and has the ability to block certain IPs, IP blocks, or ranges of IPs. It is configured by default to allow pings. Take a look below. Simply download, modify the variables to suit your setup, and then run the script. Hasn't been updated in a little over a year (hence why it's in this section), but I have plans for it soon to be rc-ified and maybe a bit more .. modular. As soon as I get some free time. ^_^
%%(bash;;iptables-config.sh)


Deletions:
iptables-config is a fairly simple, straightforward BASH script for quickly setting up an iptables firewall on a single server to block all but specified ports, and has the ability to block certain IPs, IP blocks, or ranges of IPs. It is configured by default to allow pings. Take a look below. Simply download, modify the variables to suit your setup, and then run the script ('bash ./iptables-config' or after a chmod +x, './iptables-config'. Hasn't been updated in a little over a year (hence why it's in this section), but I have plans for it soon to be rc-ified and maybe a bit more .. modular. As soon as I get some free time. ^_^
%%(bash;;iptables-config)
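Review bot: the new paragraph drops the run instructions ('bash ./iptables-config' or, after a chmod +x, './iptables-config') along with their unclosed parenthesis, so "then run the script" no longer says how to run it. Keeping one short invocation with the parenthesis closed would serve readers better than removing it. The code block label also changes to iptables-config.sh while the prose still calls the script iptables-config; use one name in both places so the file a reader saves matches the command they are told to run.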




Revision [274]

Edited on 2008-11-20 11:40:59 by cmantito

Additions:
seeAlso = ["iptablesEasyConfig"];




Revision [272]

Edited on 2008-11-20 11:29:08 by cmantito

Additions:
iptables-config is a fairly simple, straightforward BASH script for quickly setting up an iptables firewall on a single server to block all but specified ports, and has the ability to block certain IPs, IP blocks, or ranges of IPs. It is configured by default to allow pings. Take a look below. Simply download, modify the variables to suit your setup, and then run the script ('bash ./iptables-config' or after a chmod +x, './iptables-config'. Hasn't been updated in a little over a year (hence why it's in this section), but I have plans for it soon to be rc-ified and maybe a bit more .. modular. As soon as I get some free time. ^_^


Deletions:
iptables-config is a fairly simple, straightforward BASH script for quickly setting up an iptables firewall on a single server to block all but specified ports, and has the ability to block certain IPs, IP blocks, or ranges of IPs. It is configured by default to allow pings. Take a look and download it here. Simply download, modify the variables to suit your setup, and then run the script ('bash ./iptables-config' or after a chmod +x, './iptables-config'. Hasn't been updated in a little over a year (hence why it's in this section), but I have plans for it soon to be rc-ified and maybe a bit more .. modular. As soon as I get some free time. ^_^




Revision [270]

Edited on 2008-11-20 11:25:10 by cmantito

Additions:


Deletions:




Revision [141]

Edited on 2008-10-19 08:23:58 by cmantito

Additions:
download = ["from CodeWiki", "/iptablesConfig#getCode"];
>>=====Script Information=====--- iptables-config is a fairly simple, straightforward BASH script for quickly setting up an iptables firewall on a single server to block all but specified ports, and has the ability to block certain IPs, IP blocks, or ranges of IPs. It is configured by default to allow pings. Take a look and download it [[http://kevinsnet.com/download/iptables-config here]]. Simply download, modify the variables to suit your setup, and then run the script ('bash ./iptables-config' or after a chmod +x, './iptables-config'. Hasn't been updated in a little over a year (hence why it's in this section), but I have plans for it soon to be rc-ified and maybe a bit more .. modular. As soon as I get some free time. ^_^ --- =====Script Source=====--- %%(bash;;iptables-config) #!/bin/bash # iptables-config by cmantito (cmantito@cmantito.com // cmantito.com) # added a rule to allow incoming pings, so that is fixed [27/04/2006] # next version will be rc-script-ish and slightly more flexible...eventually # IPTABLES parameters config incoming="iptables -A INPUT" outgoing="iptables -A OUTPUT" forwarding="iptables -A FORWARD" tcp="-p TCP" udp="-p UDP" icmp="-p icmp" accept="-j ACCEPT" drop="-j DROP" reject="-j REJECT" forward="-j FORWARD" # TCP: Allowed Ports TCP_ACCEPT_PORTS="22 23 25 80 143 548 587 993 3306 3690 6667 6697 9999 48240 48241 48242 48243 48244" # Blackholed IPs TCP_REJECT_IPS=
TCP_DROP_IPS="62.181.182.52"
# UDP: Allowed Ports
UDP_ACCEPT_PORTS= # Blackholed IPs UDP_REJECT_IPS=
UDP_DROP_IPS= # Clear existing rules. iptables --flush # Set REJECT rules for ip in $TCP_REJECT_IPS ; do $incoming $tcp -s $ip $reject done for ip in $UDP_REJECT_IPS ; do $incoming $udp -s $ip $reject done # Set DROP rules for ip in $TCP_DROP_IPS ; do $incoming $tcp -s $ip $drop done for ip in $UDP_DROP_IPS ; do $incoming $udp -s $ip $drop done # Set ACCEPT rules. for port in $TCP_ACCEPT_PORTS ; do $incoming $tcp --dport $port $accept done for port in $UDP_ACCEPT_PORTS ; do $incoming $udp --dport $port $accept done # ACCEPT ICMP pings. $incoming $icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED $accept # Add more rules here. # Allow all outgoing traffic, established sessions. $incoming -m state --state RELATED,ESTABLISHED $accept $forwarding -i eth0 -m state --state RELATED,ESTABLISHED $accept $outgoing -m state --state NEW,RELATED,ESTABLISHED $accept # Set an implicit DENY $incoming $reject $forwarding $reject # Show em all. iptables -L %% <a name='getCode'>""
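Review bot: the script source has no accept rule for the loopback interface, so the closing `$incoming $reject` also rejects new connections from the host to its own services on any port that is not in TCP_ACCEPT_PORTS or UDP_ACCEPT_PORTS; adding `$incoming -i lo $accept` ahead of the port rules fixes that. The blackhole loops match only `$tcp` or `$udp`, so an address listed in TCP_DROP_IPS still passes the `--icmp-type 8` accept rule; matching on `-s $ip` without a protocol would cover it. `iptables --flush` clears the rules but leaves chain policies unchanged, and nothing here touches ip6tables, so IPv6 traffic is not filtered by this script. `forward="-j FORWARD"` names a built-in chain, which is not a valid jump target; the variable is unused and can be removed. Since the description tells readers to download, edit the variables and run, the shipped defaults (23 and 3306 in TCP_ACCEPT_PORTS, a specific address in TCP_DROP_IPS) would be safer as a minimal example list with a comment saying they are site-specific.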


Deletions:
download = ["from Kevinsnet.com", "http://kevinsnet.com/download/iptables-config"];
""
iptables-config is a fairly simple, straightforward BASH script for quickly setting up an iptables firewall on a single server to block all but specified ports, and has the ability to block certain IPs, IP blocks, or ranges of IPs. It is configured by default to allow pings. Take a look and download it here. Simply download, modify the variables to suit your setup, and then run the script ('bash ./iptables-config' or after a chmod +x, './iptables-config'. Hasn't been updated in a little over a year (hence why it's in this section), but I have plans for it soon to be rc-ified and maybe a bit more .. modular. As soon as I get some free time. ^_^




Revision [131]

Edited on 2008-10-19 08:09:32 by cmantito

Additions:
Categories: CategoryStable


Deletions:
CategoryStable




Revision [95]

Edited on 2008-10-19 07:56:37 by cmantito

Additions:

CategoryStable




Revision [61]

Edited on 2008-10-18 22:38:16 by cmantito

Additions:
<script language="javascript" src="/_KCL/infobox-setup.js"></script>
project = "iptables-config";
commenced = "01/2006";
languages = ["BASH"];
latestVersion = ".2";
developmentStage = "Stable";
developmentStatus = "Sporadic";
download = ["from Kevinsnet.com", "http://kevinsnet.com/download/iptables-config"];


Deletions:
var project = "iptables-config";
var commenced = "01/2006";
var languages = ["BASH"];
var latestVersion = ".2";
var developmentStage = "Stable";
var developmentStatus = "Sporadic";
var download = ["from Kevinsnet.com", "http://kevinsnet.com/download/iptables-config"];




Revision [60]

Edited on 2008-10-18 22:23:08 by cmantito

Deletions:
var demo = ["from Kevinsnet.com", "http://kevinsnet.com/download/iptables-config"];




Revision [59]

Edited on 2008-10-18 22:23:02 by cmantito

Additions:
var download = ["from Kevinsnet.com", "http://kevinsnet.com/download/iptables-config"];




Revision [58]

Edited on 2008-10-18 22:22:50 by cmantito

Additions:
var demo = ["from Kevinsnet.com", "http://kevinsnet.com/download/iptables-config"];


Deletions:
var download = ["from Kevinsnet.com", "http://kevinsnet.com/download/iptables-config"];




Revision [57]

Edited on 2008-10-18 22:21:50 by cmantito

Additions:
var project = "iptables-config";


Deletions:
var project = "SphereBot";




Revision [56]

Edited on 2008-10-18 22:21:08 by cmantito

Additions:
iptables-config is a fairly simple, straightforward BASH script for quickly setting up an iptables firewall on a single server to block all but specified ports, and has the ability to block certain IPs, IP blocks, or ranges of IPs. It is configured by default to allow pings. Take a look and download it here. Simply download, modify the variables to suit your setup, and then run the script ('bash ./iptables-config' or after a chmod +x, './iptables-config'. Hasn't been updated in a little over a year (hence why it's in this section), but I have plans for it soon to be rc-ified and maybe a bit more .. modular. As soon as I get some free time. ^_^


Deletions:
iptables-config is a fairly simple, straightforward BASH script for quickly setting up an iptables firewall on a single server to block all but specified ports, and has the ability to block certain IPs, IP blocks, or ranges of IPs. It is configured by default to allow pings. Take a look and download it here. Simply download, modify the variables to suit your setup, and then run the script ('bash ./iptables-config' or after a chmod +x, './iptables-config'. Hasn't been updated in a little over a year (hence why it's in this section), but I have plans for it soon to be rc-ified and maybe a bit more .. modular. As soon as I get some free time. ^_^




Revision [34]

The oldest known version of this page was edited on 2008-10-17 12:05:01 by cmantito
iptables-config is a fairly simple, straightforward BASH script for quickly setting up an iptables firewall on a single server to block all but specified ports, and has the ability to block certain IPs, IP blocks, or ranges of IPs. It is configured by default to allow pings. Take a look and download it here. Simply download, modify the variables to suit your setup, and then run the script ('bash ./iptables-config' or after a chmod +x, './iptables-config'. Hasn't been updated in a little over a year (hence why it's in this section), but I have plans for it soon to be rc-ified and maybe a bit more .. modular. As soon as I get some free time. ^_^