
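#!/bin/bash
##############################################################################
# ALL RIGHTS RESERVED TO: #
# ALZAEEM AL-AZHARY UNIVERSITY #
# FACULTY OF ENGINEERING - DEPARTMENT OF COMPUTER ENGINEERING #
##############################################################################
#
# Stateful packet filter and LAN-to-Internet router for one LAN segment.
# Run as root. Needs iptables, ifconfig and the netfilter modules below.
# The module names are the legacy (ip_*/ipt_*) ones; on current kernels the
# equivalents are loaded on demand by iptables itself, so a failed modprobe
# is reported but is not fatal (the script deliberately does not use set -e).

set -u

# netfilter modules (best effort, see header note)
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ip_conntrack_irc
modprobe ip_conntrack_ftp
modprobe iptable_filter
modprobe iptable_nat
modprobe ipt_recent

# variables

internet="ppp0"           # internet interface
lan1="eth0"               # eth0 interface which is connected to our lan
#lan2="eth1"              # eth1 interface which is connected to the second lan
lan1_net="192.168.0.0/24" # address range used on lan1 (gateway is .1 below)

# setting up and configuring the interfaces

ifconfig "$lan1" 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255 up # gateway address for lan1
#ifconfig "$lan2" 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255 up # gateway address for lan2

# Remove all rules, then fail closed: with DROP policies nothing is accepted
# during the window in which the rules below are being installed (the
# original relied on the trailing "-j DROP" rules only, so the chains were
# wide open until the end of the script). The nat table is flushed as well so
# that re-running the script does not accumulate duplicate MASQUERADE rules.

iptables -F
iptables -X
iptables -t nat -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# allowing loopback traffic so the host can communicate with itself

iptables -A INPUT -i lo -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o lo -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# allowing established sessions and forwarding

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# LAN hosts may open connections towards the Internet; only replies (and
# RELATED flows such as FTP data channels) may come back in. The original had
# these two directions swapped: NEW packets from the LAN hit the final DROP,
# while any unsolicited connection from the Internet was forwarded into the
# LAN. The -s match additionally refuses to forward LAN-side packets that do
# not carry a LAN source address.
iptables -A FORWARD -i "$lan1" -o "$internet" -s "$lan1_net" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i "$internet" -o "$lan1" -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -i "$lan2" -o "$internet" -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -i "$lan2" -o "$lan1" -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -i "$lan1" -o "$lan2" -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -i "$internet" -o "$lan2" -m state --state ESTABLISHED,RELATED -j ACCEPT

# allowing our network
# An iptables rule without "-j" only counts packets and accepts nothing, so the
# original two rules had no effect. Matching the ingress interface as well as
# the address keeps Internet-side packets that forge a LAN source address from
# being accepted here (see the anti-spoofing drop below).

iptables -A INPUT -i "$lan1" -s "$lan1_net" -j ACCEPT
iptables -A OUTPUT -s "$lan1_net" -j ACCEPT

# anti spoofing
iptables -A INPUT -s 66.220.0.0/24 -j DROP
# Packets arriving on the Internet link with a LAN source address are forged.
iptables -A INPUT -i "$internet" -s "$lan1_net" -j DROP
iptables -A FORWARD -i "$internet" -s "$lan1_net" -j DROP

# The kernel's reverse-path filter (net.ipv4.conf.all.rp_filter=1 and
# net.ipv4.conf.default.rp_filter=1 in /etc/sysctl.conf) is the kernel-side
# counterpart of these rules; it is left to the system configuration here.

# NS: "no source" - drop packets whose source (or destination) address is
# reserved, link-local, private (other than our LAN), multicast or unspecified.
iptables -N NS
iptables -A INPUT -s 10.0.0.0/8 -j NS
iptables -A INPUT -s 169.254.0.0/16 -j NS
iptables -A INPUT -s 172.16.0.0/12 -j NS
# Multicast is 224.0.0.0/4; the original wrote 244.0.0.0/4, which iptables
# silently normalises to 240.0.0.0/4 and so never matched the multicast range.
iptables -A INPUT -s 224.0.0.0/4 -j NS
iptables -A INPUT -d 224.0.0.0/4 -j NS
iptables -A INPUT -s 240.0.0.0/5 -j NS
iptables -A INPUT -d 240.0.0.0/5 -j NS
iptables -A INPUT -s 0.0.0.0/8 -j NS
iptables -A INPUT -d 0.0.0.0/8 -j NS
iptables -A INPUT -d 239.255.255.0/24 -j NS
iptables -A NS -j DROP

# Defending against smurf attacks and limiting the ICMP rate:
# address-mask requests are dropped outright, everything else ICMP is accepted
# at most 1/second (burst: the limit module's default); the excess falls
# through to the final DROP.
iptables -N SD
iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j SD
iptables -A INPUT -p icmp -m limit --limit 1/second -j ACCEPT
iptables -A SD -j DROP

# allowing http (www) and DNS, incoming and outgoing
# NOTE(review): LAN-to-gateway traffic is already accepted above, so the only
# effect of the INPUT rules in this section is to make a web or DNS service on
# the gateway reachable from the Internet side (a DNS resolver exposed that way
# can be abused as an open resolver). Add -i "$lan1" to them if these services
# are meant for LAN hosts only. HTTP runs over TCP; the UDP/80 rules are kept
# from the original and are harmless.

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p udp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

# drop rule (DROPPING ALL OTHER CONNECTIONS) - explicit in addition to the
# chain policies set above, so the dropped traffic shows up in rule counters.

iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A FORWARD -j DROP

# masquerading
# The LAN uses private addresses, so traffic leaving through the Internet link
# must be source-NATed or the replies can never be routed back; the original
# loaded iptable_nat but never installed a NAT rule.
iptables -t nat -A POSTROUTING -s "$lan1_net" -o "$internet" -j MASQUERADE

# enable routing

echo 1 > /proc/sys/net/ipv4/ip_forward

# End message
echo " [Project Firewall Activated ...]"
echo " [Project Router Functionality Activated... ]"
echo " [ Interfaces details : "
ifconfig "$lan1"
printf '\n\n\n'
date

echo "Done..."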
