Below are the differences between two revisions of the page.
Next revision | Previous revision | ||
utilisateurs:hypathie:config:mon-script-pare-feu-passerelle [15/11/2014 17:46] Hypathie created |
utilisateurs:hypathie:config:mon-script-pare-feu-passerelle [15/11/2014 17:51] (current version) Hypathie |
||
---|---|---|---|
Line 4: | Line 4: | ||
- | <code bash> | + | <code text mon-script-iptables> |
#!/bin/sh | #!/bin/sh | ||
- | ### BEGIN INIT INFO | + | |
- | # Provides: iptables | + | |
- | # Required-Start: | + | |
- | # Should-Start: | + | |
- | # Required-Stop: | + | |
- | # Should-Stop: | + | |
- | # Default-Start: 2 3 4 5 | + | |
- | # Default-Stop: 0 1 6 | + | |
- | # Short-description: iptables | + | |
- | # Description: Firewall | + | |
- | ### END INIT INFO | + | |
- | # start/stop iptables | + | |
- | # | + | |
- | # Author: hypathie <hypathie@debian-facile> | + | |
- | # | + | |
- | ##Set up /etc/init.d/firewall_gateway.sh | + | |
- | case "$1" in | + | |
- | 'start') | + | |
/sbin/iptables -F | /sbin/iptables -F | ||
/sbin/iptables -X | /sbin/iptables -X | ||
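Review bot: Changing the fence from `<code bash>` to `<code text mon-script-iptables>` in the first changed line switches off shell syntax highlighting for the whole listing; DokuWiki accepts a language and a filename together, so `<code bash mon-script-iptables>` keeps the highlighting and the download name. Dropping the `### BEGIN INIT INFO` block together with the `case "$1" in` / `'start')` opening is consistent with the second half of this revision, but it means the file is no longer an LSB init script and can no longer be registered with update-rc.d or insserv; the surrounding page text should say how the script is now meant to be run at boot. With the opening removed, `/sbin/iptables -F` and `-X` now run unconditionally on every invocation, which is the right behaviour for a plain rule-loading script.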
Line 126: | Line 109: | ||
/sbin/iptables -A INPUT -i eth1 -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT | /sbin/iptables -A INPUT -i eth1 -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT | ||
/sbin/iptables -I INPUT -i eth1 -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT | /sbin/iptables -I INPUT -i eth1 -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT | ||
- | echo "set up firewall_gateway.sh .........> [OK]" | ||
- | /sbin/iptables-save > /etc/firewall_gateway.sh | ||
- | echo "iptables-save > /etc/firewall_gateway.sh .........> [OK]" | ||
- | RETVAL=$? | ||
- | ;; | ||
- | 'stop') | ||
- | # Supprime toutes les règles de la tables FILTER et pose la police ACCEPT pour toutes les chaînes | ||
- | /sbin/iptables -t filter -F | ||
- | /sbin/iptables -t filter -X | ||
- | /sbin/iptables -t filter -P INPUT ACCEPT | ||
- | /sbin/iptables -t filter -P OUTPUT ACCEPT | ||
- | /sbin/iptables -t filter -P FORWARD ACCEPT | ||
- | echo "FILTER [ALL firewall_gateway.sh's rules .... [FLUSH] ..... POLICY ......> [ACCEPT]" | ||
- | echo "NAT ...POSTROUTING ... MASQUERADE .... [STILL SET UP]" | ||
- | RETVAL=$? | ||
- | ;; | ||
- | 'restart') | ||
- | #ré-installe le pare-feu complet, y compris NAT (masquerade), DNAT (port 631) | ||
- | /sbin/iptables-restore < /etc/firewall_gateway.sh | ||
- | echo "/etc/firewall-client ........> [OK]" | ||
- | echo "NAT (masquerade) ........> [OK]" | ||
- | echo "DNAT (port 631) ........> [OK]" | ||
- | RETVAL=$? | ||
- | ;; | ||
- | 'status') | ||
- | /sbin/iptables -L -n --line-numbers | ||
- | /sbin/iptables -t nat -L -n --line-numbers | ||
- | RETVAL=$? | ||
- | ;; | ||
- | 'flush') | ||
- | #supprime toutes les règles de toutes les tables ; accepte tout | ||
- | /sbin/iptables -t filter -F | ||
- | /sbin/iptables -t nat -F | ||
- | /sbin/iptables -t mangle -F | ||
- | /sbin/iptables -t raw -F | ||
- | /sbin/iptables -t filter -P INPUT ACCEPT | ||
- | /sbin/iptables -t filter -P OUTPUT ACCEPT | ||
- | /sbin/iptables -t filter -P FORWARD ACCEPT | ||
- | echo "FILTER [ALL RULES .......> [FLUSH]" | ||
- | echo "WARNING ........ ALL POLICY ......> [ACCEPT]" | ||
- | RETVAL=$? | ||
- | ;; | ||
- | 'deletnat') | ||
- | /sbin/iptables -t nat -F | ||
- | /sbin/iptables -t nat -X | ||
- | /sbin/iptables -t mangle -F | ||
- | /sbin/iptables -t nat -P PREROUTING ACCEPT | ||
- | /sbin/iptables -t nat -P POSTROUTING ACCEPT | ||
- | /sbin/iptables -t nat -P OUTPUT ACCEPT | ||
- | /sbin/iptables -t mangle -P PREROUTING ACCEPT | ||
- | /sbin/iptables -t mangle -P OUTPUT ACCEPT | ||
- | /sbin/iptables -t mangle -P POSTROUTING ACCEPT | ||
- | echo "NAT/MANGLE [ALL RULES .... [FLUSH] ..... POLICY ......> [ACCEPT]" | ||
- | echo "INFO ......> [NAT/DNAT is OFF]" | ||
- | echo "INFO ......> [FILTER STILL SET UP]" | ||
- | RETVAL=$? | ||
- | ;; | ||
- | *) | ||
- | echo "Usage: $0 { start | stop | restart | status | flush | deletnat }" | ||
- | RETVAL=1 | ||
- | ;; | ||
- | esac | ||
- | exit $RETVAL | ||
- | </code> | ||
</code> | </code> | ||
+ | |||
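Review bot: Removing the `stop`, `restart`, `status`, `flush` and `deletnat` branches also removes the only persistence step, the `iptables-save > /etc/firewall_gateway.sh` line of the old `start` branch that `restart` reloaded with `iptables-restore`; after this revision nothing in the listing saves the rules, so either keep an `iptables-save` line at the end of the script or document how the rules survive a reboot. Two points from the removed code are worth keeping in mind if it is reused elsewhere on the wiki: `RETVAL=$?` placed after an `echo` records the exit status of the echo, not of the preceding iptables call, and the old `stop` branch set the filter policies to ACCEPT while the POSTROUTING MASQUERADE rule stayed in place, so stopping the "firewall" left the gateway forwarding and masquerading everything. In the retained context, the `-I INPUT -i eth1 -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT` rule is inserted at the head of INPUT and therefore takes precedence over every `-A` rule above it; if that ordering is intentional, a comment saying so would help. The duplicate closing `</code>` is gone, which fixes the rendering of everything after the listing.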