
initial commit

secnet 2 years ago
commit
ed8c8499dc
1 changed files with 42 additions and 0 deletions
  1. 42
    0
      iptables.rules

+ 42
- 0
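--- a/iptables.rules
+++ b/iptables.rules
@@ -0,0 +1,42 @@
+*filter
+:INPUT ACCEPT [139:11952]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [31:3232]
+
+# Allow host ports
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --dport 53 -j ACCEPT
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 13699 -j ACCEPT
+
+# Standard Internal Traffic
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+# NAT Forwarding
+-A FORWARD -i enp2s0.10 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.11 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.12 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.13 -o enp2s0.2 -j ACCEPT
+-A FORWARD -i enp2s0.14 -o enp2s0.2 -j ACCEPT
+
+# NAT Returns
+-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m conntrack --ctstate INVALID -j DROP
+
+# Drop weird shit
+-A INPUT -p tcp -j DROP
+
+COMMIT
+
+*nat
+:PREROUTING ACCEPT [12:835]
+:INPUT ACCEPT [12:835]
+:OUTPUT ACCEPT [1:104]
+:POSTROUTING ACCEPT [0:0]
+
+# General NAT Traffic
+-A POSTROUTING -o enp2s0.2 -j MASQUERADE
+
+COMMIT
+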
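Review bot: The filter table leaves the INPUT and FORWARD policies at ACCEPT, and the only catch-all is `-A INPUT -p tcp -j DROP`, so UDP, ICMP and every other non-TCP protocol still reach the host on all interfaces. FORWARD likewise passes anything that is not INVALID, which makes the five per-VLAN accept rules no-ops and leaves traffic between the VLANs (and new connections arriving on enp2s0.2) unfiltered. Declaring `:INPUT DROP [0:0]` and `:FORWARD DROP [0:0]` would turn the listed rules into the actual allow-list, and the trailing TCP drop then becomes redundant. Before switching, add explicit accepts for the non-TCP traffic the host has to serve; port 53 is opened for TCP only, so if this is a DNS listener it presumably also needs `-A INPUT -p udp --dport 53 -j ACCEPT`. The host-port rules also carry no `-i` match, so 22 and 13699 are accepted on enp2s0.2 (the masqueraded, presumably upstream, interface) as well; scope them to the internal interfaces if that exposure is not intended.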
