Last active November 25, 2016 11:42
        
Revisions
zipizap revised this gist
Nov 25, 2016 . 1 changed file with 3 additions and 47 deletions.
@@ -1,47 +1,3 @@ # To keep it DRY (and fix some errors, put some improvements) I've updated the firewall info in this other gist: # https://gist.github.com/zipizap/6935850 # Check it out :)
        
zipizap revised this gist
Jun 13, 2015 . 1 changed file with 2 additions and 1 deletion.
@@ -6,7 +6,8 @@ iptables -L -v # show iptables -F # flush (clear all rules) iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state -p udp --dport 51413 -j ACCEPT # transmission peers UDP iptables -A INPUT -m state -p tcp --dport 51413 -j ACCEPT # transmission peers TCP iptables -I INPUT -p tcp --dport 9091 -s 192.168.0.0/24 -j ACCEPT # transmission rpc,from local-network only iptables -I INPUT -p tcp --dport 22 -s 192.168.0.0/24 -j ACCEPT # ssh, from local-network only #iptables -A INPUT -p tcp --dport 80 -j ACCEPT # http server
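Review bot: The two "transmission peers" rules for port 51413 (UDP and TCP) load the state match with "-m state" but pass it no "--state" list, and iptables refuses a state match without one, so neither rule is installed and the peer port is never opened. Remove "-m state" from both lines, or make the intent explicit with "-m state --state NEW".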
        
zipizap revised this gist
Jan 15, 2015 . 1 changed file with 7 additions and 1 deletion.
@@ -1,5 +1,7 @@ # Run everything as root :) # Define iptable rules iptables -L -v # show iptables -F # flush (clear all rules) iptables -A INPUT -i lo -j ACCEPT @@ -14,10 +16,13 @@ iptables -I INPUT -p tcp --dport 22 -s 192.168.0.0/24 -j ACCEPT iptables -A INPUT -j DROP iptables -L -v # Save rules to file (do this every time you update the rules, to save the updated rules!) iptables-save > /etc/iptables.rules # The following will setup the saved rules to be loaded always at boot # It only needs to be done once to c cat << EOT > /etc/network/if-pre-up.d/iptablesload #!/bin/sh iptables-restore < /etc/iptables.rules @@ -38,3 +43,4 @@ chmod +x /etc/network/if-pre-up.d/iptablesload # If you have any problem, you can flush (clear) all the rules with "iptables -F" # If you latter want to update the rules, repeat this from the beginning to iptables-save. The rest bellow iptables-save is not necesary to be repeated, it must only be run once for the first time.
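Review bot: The comment added above the "cat << EOT" heredoc in the second hunk stops mid-word ("It only needs to be done once to c"), so the reader cannot tell what the one-time step is for; finish the sentence, and fix the spelling in the closing comment of the third hunk ("latter", "bellow", "necesary"). Since the same hunk tells the reader to re-run "iptables-save > /etc/iptables.rules" after every change, it would also help to say that the file can be checked with "iptables-restore --test < /etc/iptables.rules" before the next boot depends on it.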
        
zipizap created this gist
Jan 15, 2015 .
@@ -0,0 +1,40 @@ # Run everything as root :) iptables -L -v # show iptables -F # flush (clear all rules) iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -p udp --dport 51413 -j ACCEPT # transmission peers iptables -I INPUT -p tcp --dport 9091 -s 192.168.0.0/24 -j ACCEPT # transmission rpc,from local-network only iptables -I INPUT -p tcp --dport 22 -s 192.168.0.0/24 -j ACCEPT # ssh, from local-network only #iptables -A INPUT -p tcp --dport 80 -j ACCEPT # http server #iptables -A INPUT -p tcp --dport 443 -j ACCEPT # https server #iptables -A INPUT -p tcp --dport 80 -s 192.168.0.0/24 -j ACCEPT # http server, from local-network only #iptables -A INPUT -p tcp --dport 443 -s 192.168.0.0/24 -j ACCEPT # https server, from local-network only iptables -A INPUT -j DROP iptables -L -v # Save rules to file iptables-save > /etc/iptables.rules # The following will setup the saved rules to be loaded always at boot cat << EOT > /etc/network/if-pre-up.d/iptablesload #!/bin/sh iptables-restore < /etc/iptables.rules exit 0 EOT cat << EOT > /etc/network/if-post-down.d/iptablessave #!/bin/sh iptables-save > /etc/iptables.rules if [ -f /etc/iptables.downrules ]; then iptables-restore < /etc/iptables.downrules fi exit 0 EOT chmod +x /etc/network/if-post-down.d/iptablessave chmod +x /etc/network/if-pre-up.d/iptablesload # If you have any problem, you can flush (clear) all the rules with "iptables -F"
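Review bot: The if-post-down.d/iptablessave hook runs "iptables-save > /etc/iptables.rules" on whatever is loaded at that moment, so following the closing advice to flush with "iptables -F" means the next interface-down overwrites the saved file with an empty ruleset and the pre-up hook restores that at boot, leaving the host unfiltered. Drop the save from the post-down hook, or keep a known-good copy that the hook never writes to. Separately, the "transmission peers" rule matches only "--state RELATED,ESTABLISHED", which the rule before it already accepts, so it admits no new inbound peers on UDP 51413.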