що це, і чого воно робить у обговоренні?
-- isbear 12-11-2012
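#!/bin/bash
# 20050509 iptables_lo.sh hse@ukr.net
# Distributed under the terms of the GNU General Public License v2 or later
#
# Example iptables script for the loopback interface only.
#
# WARNING: every built-in chain of the filter, mangle and nat tables gets a
# DROP policy and the only ACCEPT rules are for loopback traffic. Applying
# this over a remote session (SSH etc.) cuts that session off. Run it from a
# local console, or add rules for your management interface first.
#
# Installation (as root):
#   /etc/init.d/iptables stop
#   ./iptables_lo.sh
#   /etc/init.d/iptables save

# Abort on the first failing iptables call rather than silently continuing
# with a half-applied rule set.
set -eu

iptables="/sbin/iptables"

# 0 ******************* VARIABLE setup *****************************
# Before running this script, describe your network here:
# begin

# Interface setup
LoopBackInterface="lo"

# IP address setup
LoopBackIP="127.0.0.0/8"

# Netfilter/iptables kernel modules (uncomment what your kernel needs):
#modprobe ip_conntrack
#modprobe ip_conntrack_ftp
#modprobe iptable_nat
#modprobe ip_nat_ftp
#modprobe ...
# end

# Feel free to change the rules below to suit your setup.

#######################################
# Append the one match this script uses everywhere: any protocol, on the
# loopback interface, from a loopback source address, in any tracked
# connection state.
# Globals:   iptables, LoopBackInterface, LoopBackIP (read)
# Arguments: $1 - table (filter, mangle or nat)
#            $2 - chain within that table
#            $3 - interface flag: -i for chains that see incoming packets,
#                 -o for chains that see outgoing packets
# Returns:   exit status of iptables
#######################################
allow_loopback() {
  local table=$1 chain=$2 iface_flag=$3
  # NOTE(review): the nat table is only consulted for the first packet of a
  # connection, so ESTABLISHED,RELATED is not expected to match there; it is
  # kept for symmetry with the original rule set. Newer iptables prefers
  # "-m conntrack --ctstate" over "-m state", which still works as an alias.
  "${iptables}" -t "${table}" -A "${chain}" -p ALL \
    "${iface_flag}" "${LoopBackInterface}" -s "${LoopBackIP}" \
    -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

main() {
  local table

  if [[ ! -x "${iptables}" ]]; then
    printf 'error: %s not found or not executable\n' "${iptables}" >&2
    exit 1
  fi
  if [[ "${EUID}" -ne 0 ]]; then
    printf 'error: this script must be run as root\n' >&2
    exit 1
  fi

  # Start from an empty rule set so re-running the script does not append
  # duplicate rules. The init script's "stop" does the same, but this makes
  # the script safe to run on its own.
  for table in filter mangle nat; do
    "${iptables}" -t "${table}" -F
    "${iptables}" -t "${table}" -X
  done

  # I ******************* FILTER TABLE rules ****************************
  # (0) Default policies: fail closed before any ACCEPT rule is added.
  "${iptables}" -t filter -P INPUT DROP
  "${iptables}" -t filter -P OUTPUT DROP
  "${iptables}" -t filter -P FORWARD DROP
  # (1) User-defined chains for ACCEPTed TCP packets from the Internet: none
  # (2) INPUT chain: packets from the local computer (and loopback broadcast)
  allow_loopback filter INPUT -i
  # TCP rules
  # UDP rules
  # ICMP rules
  # (3) FORWARD chain: nothing is forwarded, the DROP policy handles it
  # (4) OUTPUT chain: only packets from local addresses, i.e. no spoofing
  allow_loopback filter OUTPUT -o

  # II ***************** MANGLE TABLE rules *****************************
  # (0) Default policies
  # NOTE(review): DROP policies on mangle and nat chains are unusual; some
  # iptables back-ends may reject them. With "set -e" such a failure stops
  # the script here, leaving the filter table already locked down - confirm
  # on the target system.
  "${iptables}" -t mangle -P PREROUTING DROP
  "${iptables}" -t mangle -P INPUT DROP
  "${iptables}" -t mangle -P FORWARD DROP
  "${iptables}" -t mangle -P OUTPUT DROP
  "${iptables}" -t mangle -P POSTROUTING DROP
  # (1) Mangle user-defined chains: none
  # (2) Mangle PREROUTING chain: packets from the local computer
  allow_loopback mangle PREROUTING -i
  # Rules for incoming packets from the Internet: none
  # (3) Mangle INPUT chain
  allow_loopback mangle INPUT -i
  # (4) Mangle FORWARD chain: none
  # (5) Mangle OUTPUT chain
  allow_loopback mangle OUTPUT -o
  # (6) Mangle POSTROUTING chain: only packets from local addresses, no spoofing
  allow_loopback mangle POSTROUTING -o

  # III ***************** NAT TABLE rules *******************************
  # (0) Default policies
  "${iptables}" -t nat -P PREROUTING DROP
  "${iptables}" -t nat -P OUTPUT DROP
  "${iptables}" -t nat -P POSTROUTING DROP
  # (1) NAT user-defined chains: none
  # (2) PREROUTING chain (redirection and port mapping):
  #     packets from the local computer (and loopback broadcast)
  allow_loopback nat PREROUTING -i
  # Rules for incoming packets from the Internet: none
  # (3) OUTPUT chain: only packets from local addresses, no spoofing
  allow_loopback nat OUTPUT -o
  # (4) POSTROUTING chain (NAT or MASQUERADE)
  allow_loopback nat POSTROUTING -o

  exit 0
}

main "$@"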