iptables: my latest updates.
Posted: Mon Mar 08, 2010 6:01 pm
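#!/bin/bash
# NAT router / transparent-proxy firewall.
#
# Rebuilds the filter and nat tables from scratch on every run: flush, set
# DROP policies on INPUT and FORWARD, then add the ACCEPT rules below. The
# original paste contained the whole ruleset twice (flush-and-rebuild run
# twice back to back); this version applies it once.
#
# Optional environment:
#   LAN_IF  inside interface (constructed example: eth1). When set, the local
#           service ports, the transparent-proxy redirect and the FORWARD rules
#           only match packets arriving on this interface. When unset the rules
#           match on every interface, exactly as the original script did.
#   WAN_IF  outside interface. When set, MASQUERADE only applies to packets
#           leaving through it. When unset every forwarded packet is
#           masqueraded, exactly as the original script did.
#
# Review notes:
#   * Without LAN_IF, Squid (3128), SSH (22) and Webmin (10000) accept from
#     every interface, and any inbound TCP/80 -- including from the outside --
#     is redirected into Squid, which makes it reachable as an open proxy.
#     Set LAN_IF on a box with an outside interface.
#   * IP forwarding is not enabled by this script (see the commented line
#     below); the FORWARD and MASQUERADE rules do nothing until it is.
#   * Policies are switched to DROP before the ACCEPT rules are added, so an
#     aborted run fails closed. Apply from a console, not over SSH.
set -e

# Interface qualifiers: empty arrays expand to nothing, which keeps the
# original "match any interface" behaviour when the variables are unset.
lan_in=()
wan_out=()
if [[ -n "${LAN_IF:-}" ]]; then
  lan_in=(-i "$LAN_IF")
fi
if [[ -n "${WAN_IF:-}" ]]; then
  wan_out=(-o "$WAN_IF")
fi

# allow_in PROTO PORT -- accept new connections to a service on this host.
allow_in() {
  iptables -A INPUT "${lan_in[@]}" -p "$1" --dport "$2" -j ACCEPT
}

# allow_fwd PROTO PORT[:PORT] -- accept new connections routed from clients.
# Replies come back through the ESTABLISHED,RELATED rule, so only the
# client-originated direction needs a port rule.
allow_fwd() {
  iptables -A FORWARD "${lan_in[@]}" -p "$1" --dport "$2" -j ACCEPT
}

#echo 1 > /proc/sys/net/ipv4/ip_forward # For quick Enable IP FORWARDING

# FTP connection-tracking/NAT helper, so active/passive FTP data connections
# are accepted as RELATED. Best effort: the module name differs between kernel
# generations (ip_nat_ftp vs. nf_nat_ftp) or may be built in.
modprobe ip_nat_ftp 2>/dev/null \
  || modprobe nf_nat_ftp 2>/dev/null \
  || printf 'warning: FTP NAT helper module not loaded\n' >&2

iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
###############################################################################
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
###############################################################################
# Services on this host.
allow_in tcp 3128   # Proxy server (Squid)
allow_in tcp 22     # SSH
allow_in tcp 10000  # Webmin
########## BIND PORTS ##########
allow_in tcp 42
allow_in tcp 53
allow_in udp 53
################################
# DHCP server/client.
allow_in udp 67
allow_in tcp 67
allow_in tcp 68
allow_in udp 68
###############################################################################
# Transparent proxy: clients' outbound HTTP is redirected into Squid.
iptables -t nat -A PREROUTING "${lan_in[@]}" -p tcp --dport 80 \
  -j REDIRECT --to-port 3128
###############################################################################
# FORWARD rules: what the clients behind this router may reach.
allow_fwd tcp 20         # FTP
allow_fwd tcp 21         # FTP
allow_fwd udp 20
allow_fwd udp 21
allow_fwd tcp 22         # SSH
allow_fwd tcp 25         # Simple Mail Transfer Protocol (SMTP)
allow_fwd tcp 110        # POP3 (mail retrieval)
allow_fwd tcp 143        # IMAP (mail retrieval)
allow_fwd tcp 80         # HTTP
allow_fwd tcp 443        # HTTPS (SSL)
allow_fwd tcp 1863       # Instant messaging
allow_fwd tcp 5000       # Universal plug and play service (UPnP)
allow_fwd tcp 5001
allow_fwd tcp 5005
allow_fwd tcp 5050       # Yahoo Chat & Messenger
allow_fwd tcp 5100       # Yahoo Messenger - webcams, video
allow_fwd tcp 6660:6670  # mIRC
allow_fwd tcp 7000       # mIRC
allow_fwd tcp 28805      # Multiplayer games
allow_fwd tcp 32196      # Try Google Search
allow_fwd tcp 27315
allow_fwd tcp 51215      # For chat.mobilinksms.com
allow_fwd tcp 5125       # World chess port
allow_fwd tcp 12141      # http://www.mixchaat.com/sms/
allow_fwd tcp 11999      # For Yahoo Games
allow_fwd tcp 19865      # My psyBNC port
allow_fwd tcp 53         # DNS for forwarded clients
allow_fwd udp 53
################################
###############################################################################
# Source NAT for everything leaving this router (restricted to WAN_IF when set).
iptables -t nat -A POSTROUTING "${wan_out[@]}" -j MASQUERADE
###############################################################################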