Saturday, March 21, 2009

router da ateşduvarı

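# Firewall for the router: a stateful iptables ruleset with default-deny on
# every chain and explicit per-interface allows.  From which services are
# exposed where, eth2 looks like the inside (LAN) interface and eth1 the
# upstream one -- confirm against the box before touching the -i/-o rules.
# IPv4 only: if IPv6 is enabled on this host, ip6tables needs an equivalent
# ruleset or that traffic goes through unfiltered.
set -e   # abort on the first failing rule; with the DROP policies already
         # in place, a partial ruleset fails closed rather than open
IPT=/sbin/iptables

# Default-deny FIRST, so there is no window between flushing the old rules
# and installing the new ones in which every packet is accepted.
"$IPT" --policy INPUT DROP
"$IPT" --policy OUTPUT DROP
"$IPT" --policy FORWARD DROP

# Flush the filter table and remove any user-defined chains in it.
# NOTE(review): only the filter table is reset here; anything in nat or
# mangle (e.g. a MASQUERADE rule for the LAN) survives a reload of this
# script.  Flush those too if this script is meant to own them.
"$IPT" --flush
"$IPT" --delete-chain

# Allow unlimited traffic on the loopback interface
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT

# GRE (IP protocol 47) carries the PPTP data channel.  Kept disabled here;
# with it off, PPTP clients complete the TCP/1723 handshake but the tunnel
# itself is dropped unless the pptp conntrack helper marks the GRE packets
# RELATED.
#"$IPT" -A INPUT -p gre -j ACCEPT
#"$IPT" -A OUTPUT -p gre -j ACCEPT
#"$IPT" -A FORWARD -p gre -j ACCEPT

# Previously initiated and accepted exchanges bypass rule checking
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# --- Services the router itself offers (INPUT) ----------------------------
# eth2: SSH and the proxy port 3128.
"$IPT" -A INPUT -i eth2 -p tcp -m multiport --destination-port 22,3128 -m state --state NEW -j ACCEPT
# eth1: SSH and PPTP (1723).  SSH is reachable from ANY source on this
# interface; if eth1 faces the internet, restrict the source (-s <admin net>)
# or rate-limit new connections with -m recent.  PPTP's MS-CHAPv2
# authentication is widely considered broken -- treat it as legacy access.
"$IPT" -A INPUT -i eth1 -p tcp -m multiport --destination-port 22,1723 -m state --state NEW -j ACCEPT
# DNS queries to the router itself.
# NOTE(review): no -i restriction, so this also answers on eth1.  If eth1 is
# the upstream link this is an open resolver (DNS amplification target);
# add -i eth2 (or whichever interface the LAN is on) unless that is intended.
"$IPT" -A INPUT -p udp --destination-port 53 -m state --state NEW -j ACCEPT

# --- Traffic the router itself originates (OUTPUT) ------------------------
"$IPT" -A OUTPUT -p udp --destination-port 53 -m state --state NEW -j ACCEPT
# NTP, pinned to a single time server.
"$IPT" -A OUTPUT -d 192.43.244.18 -p udp --destination-port 123 -m state --state NEW -j ACCEPT
# Outbound SMTP and HTTP from the router via eth1.
"$IPT" -A OUTPUT -o eth1 -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
"$IPT" -A OUTPUT -o eth1 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT

# --- Routed traffic (FORWARD) ---------------------------------------------
# Hosts behind eth2 may open SSH, SMTP, HTTPS, IMAPS, POP3S, HTTP and 3128.
"$IPT" -A FORWARD -i eth2 -p tcp -m multiport --destination-port 22,25,443,993,995,80,3128 -m state --state NEW -j ACCEPT
# DNS is forwarded only to the two configured upstream resolvers, not to
# arbitrary hosts (the unrestricted variant stays disabled on purpose).
#"$IPT" -A FORWARD -p udp --destination-port 53 -m state --state NEW -j ACCEPT
"$IPT" -A FORWARD -d 208.67.222.222 -p udp --destination-port 53 -m state --state NEW -j ACCEPT
"$IPT" -A FORWARD -d 208.67.220.220 -p udp --destination-port 53 -m state --state NEW -j ACCEPT
# One external host on TCP 2095.
"$IPT" -A FORWARD -d 70.84.136.149 -p tcp -m tcp --dport 2095 -m state --state NEW -j ACCEPT
# RDP to an internal host.  There is no -i or -s restriction, so any
# interface can reach it once a DNAT rule (not part of this script) points
# traffic there; narrow the source if this is meant for LAN/VPN users only.
"$IPT" -A FORWARD -d 192.168.1.111 -p tcp -m tcp --dport 3389 -m state --state NEW -j ACCEPT
# for PPTP
#"$IPT" -t nat -A POSTROUTING -s 192.168.168.0/24 -o eth0 -j MASQUERADE
# for VPN users
#"$IPT" -A FORWARD -s 192.168.168.0/255.255.255.0 -d 90.1.2.45 -p tcp -m tcp --dport 23 -m state --state NEW -j ACCEPT
#"$IPT" -A FORWARD -s 192.168.168.0/255.255.255.0 -d 192.168.33.10 -p tcp -m tcp --dport 23 -m state --state NEW -j ACCEPT
#"$IPT" -A FORWARD -s 192.168.168.0/255.255.255.0 -d 192.168.77.10 -p tcp -m tcp --dport 23 -m state --state NEW -j ACCEPT
#"$IPT" -A OUTPUT -o eth1 -d 192.43.244.18 -p udp -j ACCEPT

# For large packets: ICMP type 3 code 4 ("fragmentation needed") must get
# through so path-MTU discovery works for the router and for routed hosts.
"$IPT" -A INPUT -p icmp -m icmp --icmp-type 3/4 -m state --state NEW -j ACCEPT
"$IPT" -A FORWARD -p icmp -m icmp --icmp-type 3/4 -m state --state NEW -j ACCEPT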
