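#!/bin/bash
#
# Host firewall: default-deny for inbound and forwarded traffic, allow all
# outbound, and open a small set of service ports.
#
# Usage:   ./firewall.sh            (external interface defaults to eth1)
#          WAN_IF=eth0 ./firewall.sh
#
# Notes:
#   * Rules are appended (-A), so running this on top of an existing ruleset
#     duplicates them; start from a known ruleset.
#   * Only IPv4 is handled here. ip6tables is not touched, so IPv6 traffic is
#     governed by whatever policy is already in place.
set -euo pipefail

# Interface facing the untrusted network. The anti-spoofing rules below assume
# this interface never legitimately carries RFC 1918 source addresses; if it
# sits behind a NAT router using private addressing, those rules would drop
# legitimate LAN traffic -- verify before deploying.
readonly WAN_IF="${WAN_IF:-eth1}"

# RFC 1918 private ranges that must not appear as a source on WAN_IF.
readonly PRIVATE_NETS=(10.0.0.0/8 172.16.0.0/12 192.168.0.0/16)

# Run iptables with elevated privileges.
ipt() {
  sudo iptables "$@"
}

trap 'echo "firewall setup failed at line $LINENO; ruleset is incomplete" >&2' ERR

########
# BASE #
########
# Loopback is always trusted. (The original rule lacked -j, so iptables
# rejected it and loopback traffic fell through to the DROP policy.)
ipt -A INPUT -i lo -j ACCEPT
# Replies to connections this host (or a forwarded client) initiated.
ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

###########################
# DROP UNWANTED PACKETS   #
###########################
# These DROP rules must come BEFORE the port ACCEPT rules: iptables stops at
# the first match, so placed after them a spoofed or invalid packet aimed at
# an open port would already have been accepted.
ipt -A INPUT -m state --state INVALID -j DROP
ipt -A FORWARD -m state --state INVALID -j DROP

#####################################################################
# REJECT EXTERNAL PACKETS CLAIMING A PRIVATE SOURCE ADDRESS (SPOOF) #
#####################################################################
for net in "${PRIVATE_NETS[@]}"; do
  for chain in INPUT FORWARD; do
    ipt -A "$chain" -s "$net" -i "$WAN_IF" -j DROP
  done
done

#################
# OPEN PORTS    #
#################
# SSH is reachable from any source; consider restricting it with -s to a
# management network.
ipt -A INPUT -p tcp --dport 22 -j ACCEPT
# NOTE(review): 88/tcp is the registered Kerberos port -- confirm this is
# intended and not a typo for 80.
ipt -A INPUT -p tcp --dport 88 -j ACCEPT
# Presumably a peer-to-peer client (these are the usual eDonkey/eMule
# defaults) -- confirm the service is still needed.
ipt -A INPUT -p tcp --dport 4662 -j ACCEPT
ipt -A INPUT -p udp --dport 4672 -j ACCEPT

############################################
# DEFAULT POLICIES: DENY INBOUND / TRANSIT #
############################################
# Set last so that a failure while adding rules (set -e aborts the script)
# cannot leave a remote session locked out behind a DROP policy with no
# ACCEPT rules. The trade-off: on failure the default-deny is NOT applied,
# so always check this script's exit status.
ipt -P INPUT DROP
ipt -P FORWARD DROP
ipt -P OUTPUT ACCEPT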

