I have created two scripts:
1. fw.run
2. fw.stop
I have to run them manually after every restart of the server.
Here are my scripts:
nano -w fw.run
FW.RUN
############################################
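#!/bin/bash
# fw.run - build the IPv4 host firewall (filter table, INPUT chain).
#
# The rules live only in kernel memory: they are lost on reboot, so this
# script has to be re-run as root after every restart.  Only `iptables` is
# used, so IPv6 traffic (ip6tables) is not filtered by this script at all.
#
# Resulting policy: loopback and replies to connections we initiated are
# accepted, the TCP ports in ALLOWED_TCP_PORTS are accepted, and everything
# else arriving on INPUT is dropped by the chain's default policy.
set -euo pipefail

# TCP ports (numbers or /etc/services names) reachable from outside.
readonly ALLOWED_TCP_PORTS=(ssh 80 12000 23100 13000 12345 5555 20000 15000 54321 6666)

die() { printf '%s\n' "$*" >&2; exit 1; }

# iptables needs root; fail early with one clear message instead of a
# "Permission denied" per rule.
[[ $EUID -eq 0 ]] || die "fw.run: must be run as root"

# Set the default INPUT policy to DROP *before* flushing, so the host is
# never fully open while the accept rules are being added (-F removes the
# rules but keeps the policy).  This fails closed: if a later rule fails
# under set -e, nothing but the rules already added is accepted.
iptables -P INPUT DROP
# Flush all filter-table chains so re-running does not stack duplicates.
iptables -F

# Loopback first: local services talk to each other over lo.
iptables -A INPUT -i lo -j ACCEPT

# Allow establishment of connections initialised by my outgoing packets.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow certain ports.
for port in "${ALLOWED_TCP_PORTS[@]}"; do
  iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
done

# Everything else is dropped by the INPUT policy set above.  That also covers
# the former explicit UDP and TCP SYN drops on eth0, which sat unreachable
# behind a trailing "-A INPUT -j DROP" rule; using the policy instead means a
# rule appended later with -A can still match.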
#########################################################
make it executable:
chmod +x fw.run
nano -w fw.stop
FW.STOP
#######################################################
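#!/bin/bash
# fw.stop - tear down the IPv4 firewall and accept all traffic.
#
# After this runs the host is completely open on IPv4: the filter, nat and
# mangle tables are emptied and the filter policies are ACCEPT.  It does not
# touch ip6tables.
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# iptables needs root; fail early with one clear message.
[[ $EUID -eq 0 ]] || die "fw.stop: must be run as root"

printf '%s\n' "Stopping firewall and allowing everyone..."

# Open the default policies first: if INPUT were DROP, flushing the rules
# before switching the policy would briefly cut every connection, including
# the SSH session this is run from.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Remove every rule (-F) and every user-defined chain (-X) in each table
# the firewall may have touched.
for table in filter nat mangle; do
  iptables -t "$table" -F
  iptables -t "$table" -X
done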
######################################################
make it executable:
chmod +x fw.stop
For checking the rules:
iptables -L -v
That's it.
If I want to run it:
sudo su -
passwd;
./fw.run
If I want to stop it:
./fw.stop