( sztupi | 2007. 07. 27., p – 15:58 )

ez van a tuzfalban

#!/bin/bash

echo "1" > /proc/sys/net/ipv4/ip_forward

INTIF="eth0"
EXTIF="eth1"
INTIP="192.168.1.231"
EXTIP="217.65.110.18"

iptables -F
iptables -P FORWARD DROP
iptables -P INPUT DROP

#log-and-drop lanc
iptables -N log-and-drop

#nem logolni a sok szemetet
iptables -A log-and-drop -j DROP -p tcp -m multiport --dports netbios-ns,netbios-dgm,netbios-ssn,135,445
iptables -A log-and-drop -j DROP -p udp -m multiport --dports netbios-ns,netbios-dgm,netbios-ssn,42508
iptables -A log-and-drop -j DROP
iptables -A log-and-drop -j REJECT

# Barracuda
iptables -t nat -A PREROUTING -i eth1 -p tcp -d 217.65.110.18 --dport 25 -j DNAT --to 192.168.1.45:25
iptables -A FORWARD -i eth1 -p tcp -d 192.168.1.45 --dport 25 -j ACCEPT

#iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 25 -j DNAT --to 192.168.1.45:25
#iptables -A FORWARD -i eth1 -o eth0 -p tcp -d 192.168.1.45 --dport 25 -j ACCEPT

# Clamav miatt kell a 10055,10056 a webmin miatt meg a 10000 port
iptables -A INPUT -j ACCEPT -s 127.0.0.0/8 -d 127.0.0.0/8
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A INPUT -j ACCEPT -m multiport -p tcp --dports 25,110,143,20,220,989,990,115,80,443,10000,10055,10056
iptables -A INPUT -j ACCEPT -m multiport -p udp --dports 161
iptables -A INPUT -j ACCEPT -s 192.168.0.0/255.255.0.0

iptables -A INPUT -j ACCEPT -s 10.8.0.0/255.255.255.0
iptables -A INPUT -j ACCEPT -p icmp --icmp-type ! echo-request

# ssh Reject 20061011
iptables -A INPUT -j REJECT -i $EXTIF -p tcp --dport ssh

ez meg routing

217.65.110.16 0.0.0.0 255.255.255.248 U 0 0 0 eth1
192.168.7.0 192.168.1.244 255.255.255.0 UG 0 0 0 eth0
192.168.6.0 192.168.1.244 255.255.255.0 UG 0 0 0 eth0
192.168.5.0 192.168.1.244 255.255.255.0 UG 0 0 0 eth0
192.168.4.0 192.168.1.244 255.255.255.0 UG 0 0 0 eth0
192.168.3.0 192.168.1.244 255.255.255.0 UG 0 0 0 eth0
192.168.113.0 192.168.1.244 255.255.255.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.114.0 192.168.1.244 255.255.255.0 UG 0 0 0 eth0
192.168.115.0 192.168.1.244 255.255.255.0 UG 0 0 0 eth0
192.168.10.0 192.168.1.244 255.255.255.0 UG 0 0 0 eth0
0.0.0.0 217.65.110.17 0.0.0.0 UG 0 0 0 eth1