Iptables Pronto

Uploaded by

George Azevedo

## FILTER

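# Default policy: drop everything that is not explicitly accepted below.
# No rule matches the loopback interface, so local traffic on lo is dropped too.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# SSH to the firewall itself from 192.168.31.2 and 172.17.0.0/24
iptables -A INPUT -s 192.168.31.2/32 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 172.17.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
# ICMP echo request (type 8) from 172.17.0.0/24
iptables -A INPUT -s 172.17.0.0/24 -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Forwarded traffic. Return packets are matched statelessly by source port,
# so any packet carrying that source port is accepted toward these hosts;
# a connection-tracking match (ESTABLISHED,RELATED) would limit it to real replies.
# DNS (UDP 53) and HTTP/HTTPS from 192.168.200.2, plus the replies
iptables -A FORWARD -s 192.168.200.2/32 -p udp -m udp --dport 53 -j ACCEPT
iptables -A FORWARD -d 192.168.200.2/32 -p udp -m udp --sport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.200.2/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A FORWARD -d 192.168.200.2/32 -p tcp -m multiport --sports 80,443 -j ACCEPT
# DNS queries from 172.17.0.0/24 to 192.168.200.2, plus the replies
iptables -A FORWARD -s 172.17.0.0/24 -d 192.168.200.2/32 -p udp -m udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.200.2/32 -d 172.17.0.0/24 -p udp -m udp --sport 53 -j ACCEPT
# HTTP/HTTPS from 172.17.0.0/24, plus the replies
iptables -A FORWARD -s 172.17.0.0/24 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A FORWARD -d 172.17.0.0/24 -p tcp -m multiport --sports 80,443 -j ACCEPT
# SSH from 172.17.0.0/24 to 192.168.200.0/24, plus the replies
iptables -A FORWARD -s 172.17.0.0/24 -d 192.168.200.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A FORWARD -s 192.168.200.0/24 -d 172.17.0.0/24 -p tcp -m tcp --sport 22 -j ACCEPT
# MySQL (TCP 3306) from 172.17.0.0/24 to 192.168.200.3, plus the replies
iptables -A FORWARD -s 172.17.0.0/24 -d 192.168.200.3/32 -p tcp -m tcp --dport 3306 -j ACCEPT
iptables -A FORWARD -s 192.168.200.3/32 -d 172.17.0.0/24 -p tcp -m tcp --sport 3306 -j ACCEPT

# Replies from the firewall: SSH sessions and ICMP echo reply (type 0)
iptables -A OUTPUT -d 192.168.31.2/32 -p tcp -m tcp --sport 22 -j ACCEPT
iptables -A OUTPUT -d 172.17.0.0/24 -p tcp -m tcp --sport 22 -j ACCEPT
iptables -A OUTPUT -d 172.17.0.0/24 -p icmp -m icmp --icmp-type 0 -j ACCEPT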

## NAT
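# Masquerade outbound DNS and HTTP/HTTPS leaving through eth3.
# The second rule covers all of 192.168.200.0/24, but FORWARD only accepts
# HTTP/HTTPS from 192.168.200.2, so other hosts in that subnet are dropped
# before NAT applies.
iptables -t nat -A POSTROUTING -s 192.168.200.2/32 -o eth3 -p udp -m udp --dport 53 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth3 -p tcp -m multiport --dports 80,443 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.17.0.0/24 -o eth3 -p tcp -m multiport --dports 80,443 -j MASQUERADE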
