http://wiki.nathael.net/index.php?action=history&feed=atom&title=Dev%2FHost%2FFirewall
Dev/Host/Firewall - Revision history
2026-04-16T15:59:10Z
Revision history for this page on the wiki
MediaWiki 1.41.0
http://wiki.nathael.net/index.php?title=Dev/Host/Firewall&diff=172&oldid=prev
Drizzt: Created page with "== Principe == == Entête du script == ### BEGIN INIT INFO # Provides: firewall # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: # Short-Description: Personnal iptables setup ### END INIT INFO == Structure == #! /bin/sh ### Add init info here ### PATH=/sbin:/bin ### Add "includes" (sourced scripts) ### do_start () { ### Add "start" content here ### echo "Firewal..."
2024-12-05T12:18:24Z
<p>Created page with "== Principe == == Entête du script == ### BEGIN INIT INFO # Provides: firewall # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: # Short-Description: Personnal iptables setup ### END INIT INFO == Structure == #! /bin/sh ### Add init info here ### PATH=/sbin:/bin ### Add "includes" (sourced scripts) ### do_start () { ### Add "start" content here ### echo "Firewal..."</p>
<p><b>New page</b></p><div>== Principe ==<br />
<br />
== Entête du script ==<br />
### BEGIN INIT INFO<br />
# Provides: firewall<br />
# Required-Start: $remote_fs $syslog<br />
# Required-Stop: $remote_fs $syslog<br />
# Default-Start: 2 3 4 5<br />
# Default-Stop: <br />
# Short-Description: Personnal iptables setup<br />
### END INIT INFO<br />
<br />
== Structure == <br />
#! /bin/sh<br />
### Add init info here ###<br />
<br />
PATH=/sbin:/bin<br />
### Add "includes" (sourced scripts) ###<br />
<br />
do_start () {<br />
### Add "start" content here ###<br />
echo "Firewall configured."<br />
exit<br />
}<br />
<br />
case "$1" in<br />
start|""|restart|reload|force-reload)<br />
do_start<br />
;;<br />
stop)<br />
# No-op<br />
;;<br />
*)<br />
echo "Usage: $0 [start|stop]" >&2<br />
exit 3<br />
;;<br />
esac<br />
<br />
<br />
== IPv4 : bases ==<br />
# IPv4 security<br />
iptables -F<br />
iptables -X<br />
iptables -t nat -F<br />
iptables -t nat -X<br />
iptables -P INPUT DROP<br />
iptables -P FORWARD ACCEPT<br />
iptables -P OUTPUT ACCEPT<br />
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
<br />
<br />
== IPv6 : bases ==<br />
# IPv6 security<br />
ip6tables -F<br />
ip6tables -X<br />
ip6tables -P INPUT DROP<br />
ip6tables -P FORWARD ACCEPT<br />
ip6tables -P OUTPUT ACCEPT<br />
ip6tables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
<br />
== More configuration ==<br />
=== Allow everything on localhost ===<br />
iptables -I INPUT -i lo -j ACCEPT<br />
iptables -I OUTPUT -o lo -j ACCEPT<br />
<br />
=== Allow Ping ===<br />
iptables -A INPUT -p icmp -j ACCEPT<br />
<br />
=== Need SSH access ? ===<br />
iptables -A INPUT -p tcp --dport 22 -d 192.168.1.2/32 -j ACCEPT<br />
(Change port and IP address according to your needs)<br />
<br />
=== IPv4 NAT ===<br />
echo 1 > /proc/sys/net/ipv4/ip_forward<br />
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE<br />
iptables -t nat -A POSTROUTING -o eth4 -j MASQUERADE<br />
<br />
And add NAT redirections<br />
# Web : to local web server<br />
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport http -j DNAT --to 192.168.2.6:80</div>
Drizzt