#!/bin/sh
# A simple firewall script (iptables, start/stop/restart)
# Abort on the first failing command; every iptables call below is covered.
set -e
# We need this for redirection
# NOTE(review): this enables IPv4 forwarding on every invocation, including
# "stop" and the usage path, before any rule is installed. firewall_start
# sets FORWARD to DROP and adds no NAT or forwarding rules, so it is unclear
# what "redirection" refers to here — confirm forwarding is really required;
# if it is not, this line should be dropped (or moved into firewall_start).
echo 1 > /proc/sys/net/ipv4/ip_forward
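#######################################
# Flush every table and install the host firewall:
#   OUTPUT ACCEPT, INPUT and FORWARD DROP, with explicit inbound exceptions
#   for loopback, replies to our own connections, Bacula from the LAN,
#   SSH and ICMP echo requests. Everything else is logged and rejected.
# Globals:   none (sets the shell variable "table" as a side effect)
# Arguments: none
# Outputs:   none; iptables writes diagnostics to stderr
# Returns:   aborts the script via set -e if any iptables call fails
#######################################
firewall_start() {
  # Clean first: flush rules, delete user chains and zero counters in every
  # table. The previous policies stay in force while this runs, so a reload
  # never fails open.
  for table in filter nat mangle raw; do
    iptables -t "$table" -F
    iptables -t "$table" -X
    iptables -t "$table" -Z
  done
  # Default policy
  iptables -P OUTPUT ACCEPT
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  # firewall rules INPUT
  # Loopback first, then packets belonging to connections this host already
  # has. Only RELATED,ESTABLISHED here: the original rule also accepted NEW,
  # which admitted every inbound connection and made the per-port rules and
  # the DROP policy below unreachable. (-m state is the legacy match; kept
  # for consistency with the rest of the script.)
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  # Bacula, from the LAN only
  iptables -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 9102:9104 -j ACCEPT
  # Ssh
  iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  # Icmp: echo request (type 8) so this host can be pinged. Echo replies to
  # our own pings are ESTABLISHED and already accepted above, so the former
  # unconditional type-0 rule is no longer needed.
  iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
  # Log on syslog, rate-limited so a flood cannot fill the log
  iptables -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-input: "
  iptables -A FORWARD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-forward: "
  # Final input rules
  iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
  iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
}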
#######################################
# Disable the firewall: set every policy to ACCEPT, then flush rules,
# delete user-defined chains and zero counters in the filter, nat, mangle
# and raw tables. After this the host accepts all traffic.
# Globals:   none (sets the shell variable "fw_table" as a side effect)
# Arguments: none
# Returns:   aborts the script via set -e if any iptables call fails
#######################################
firewall_stop() {
  # Clean: open the policies first so nothing is dropped while flushing
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
  # Same -F/-X/-Z sequence for each table; "filter" is the table the
  # unqualified iptables -F/-X/-Z act on.
  for fw_table in filter nat mangle raw; do
    iptables -t "$fw_table" -F
    iptables -t "$fw_table" -X
    iptables -t "$fw_table" -Z
  done
}
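#######################################
# Reload the rule set. firewall_start already flushes every table before
# installing its rules, so it is called directly: going through
# firewall_stop first set all policies to ACCEPT and left the host wide
# open for the moment between the two calls.
# Globals:   none
# Arguments: none
# Returns:   whatever firewall_start returns (aborts via set -e on failure)
#######################################
firewall_restart() {
  firewall_start
}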
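# Dispatch on the single action argument. Anything else, including no
# argument at all, prints usage to stderr and exits 2 so that callers and
# init systems see a failure instead of a silent success.
case "$1" in
  'start')
    firewall_start
    ;;
  'stop')
    firewall_stop
    ;;
  'restart')
    firewall_restart
    ;;
  *)
    printf 'usage %s start|stop|restart\n' "$0" >&2
    exit 2
    ;;
esac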
And this is the ipf.conf of the server:
# IPFilter (ipf) rule set for the server. Rules are read top to bottom;
# without "quick" the LAST matching rule decides, with "quick" the first
# matching rule decides and evaluation stops. The non-quick "block in"
# below is therefore the inbound default, and every "pass in quick" rule
# after it is an explicit exception to it.
# block and quick everything by default but pass on lo0
# NOTE(review): the block is limited to bge0, while the pass rules below
# carry no "on" clause and so apply to every interface.
block in log on bge0 all
pass in quick on lo0 all
# These rules will allow connections initiated from
# this host along with the return connection
# (outbound traffic of any other protocol matches no rule and falls
# through to IPFilter's implicit default, which is to pass)
pass out quick proto icmp all keep state
pass out quick proto tcp all keep state
pass out quick proto udp all keep state
# Allow SecureShell incoming connections on 2122 port
# "flags S" matches only the initial SYN; "keep state" then admits the rest
# of that connection; "keep frags" lets its fragments through as well.
pass in quick proto tcp from any to any port = 2122 flags S keep state keep frags
# Allow SecureShell incoming connections on 22 port
pass in quick proto tcp from any to any port = 22 flags S keep state keep frags
# Allow Secure stunnel telnet incoming connections on 5860 port
pass in quick proto tcp from any to any port = 5860 flags S keep state keep frags
# Allow nfs 3 4
# 2049 = nfsd, 111 = rpcbind/portmapper. 4001, 48472 and 8932 are presumably
# the RPC helper ports (mountd/lockd/statd) pinned on this host — confirm
# against the server's RPC configuration. All of these are LAN-only.
pass in quick proto tcp from 192.168.0.0/24 to any port = 2049 flags S keep state keep frags
pass in quick proto udp from 192.168.0.0/24 to any port = 2049 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 4001 flags S keep state keep frags
pass in quick proto udp from 192.168.0.0/24 to any port = 4001 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 111 flags S keep state keep frags
pass in quick proto udp from 192.168.0.0/24 to any port = 111 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 48472 flags S keep state keep frags
pass in quick proto udp from 192.168.0.0/24 to any port = 48472 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 8932 flags S keep state keep frags
pass in quick proto udp from 192.168.0.0/24 to any port = 8932 keep state
#Allow PING
# This passes every ICMP type from anywhere, not only echo requests, and
# creates state so the reply is let back out. As written it should admit
# inbound ping; if ping still fails, first confirm that the requests
# actually arrive on bge0 and whether the logged "block in" hits include
# them.
pass in quick proto icmp from any to any keep state
# Samba
# NOTE(review): 137 and 138 are UDP services (NetBIOS name and datagram);
# nothing normally listens on their TCP counterparts, so the TCP entries for
# 137/138 below open ports that are not needed.
pass in quick proto udp from 192.168.0.0/24 to any port = 137 keep state
pass in quick proto udp from 192.168.0.0/24 to any port = 138 keep state
pass in quick proto udp from 192.168.0.0/24 to any port = 139 keep state
pass in quick proto udp from 192.168.0.0/24 to any port = 445 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 137 flags S keep state keep frags
pass in quick proto tcp from 192.168.0.0/24 to any port = 138 flags S keep state keep frags
pass in quick proto tcp from 192.168.0.0/24 to any port = 139 flags S keep state keep frags
pass in quick proto tcp from 192.168.0.0/24 to any port = 445 flags S keep state keep frags
# Dns
# LAN-only; the TCP entry covers responses too large for UDP and zone
# transfers.
pass in quick proto udp from 192.168.0.0/24 to any port = 53 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 53 flags S keep state keep frags
What can I do to enable ping? The others work fine: DNS and SSH.