
iptables alle scripts (2021)

 

  1. CLEAR -- 01-ipt-clear.sh
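    #!/bin/bash
    #
    # 01-ipt-clear.sh -- reset iptables to an empty, all-ACCEPT state and
    # switch IPv4 forwarding off.
    #
    # Every chain in the filter, nat and mangle tables is flushed and deleted,
    # the built-in policies go back to ACCEPT and ip_forward is set to 0.
    # Must run as root. After this script the host accepts ALL traffic: it is
    # a reset, not a firewall.
    #
    ###################################
    set -euo pipefail

    # Print a message to stderr and exit non-zero.
    die() { printf '%s\n' "$*" >&2; exit 1; }

    #######################################
    # Flush and delete every chain in one iptables table.
    # Rules are flushed (-F) BEFORE chains are deleted (-X): -X refuses a
    # chain that still holds rules or is still referenced, so the reverse
    # order (which the original used for the filter table) can leave user
    # chains behind.
    # Arguments: $1 - table name (filter, nat or mangle)
    #######################################
    clear_table() {
      local table=$1
      iptables -vt "$table" -F
      iptables -vt "$table" -X
    }

    (( EUID == 0 )) || die "must run as root (iptables and /proc/sys require it)"
    command -v iptables >/dev/null || die "iptables not found in PATH"

    echo "den iptables"

    # general (filter table)
    echo "clear general:"
    clear_table filter

    # nat and masquerading; -t selects the table
    echo "clear nat, masq:"
    clear_table nat

    # mangle (packet header modification)
    echo "clear mangle ... :"
    clear_table mangle

    # reset policies; -P sets the default verdict of a built-in chain
    echo "reset policies"
    for chain in INPUT OUTPUT FORWARD; do
      iptables -vP "$chain" ACCEPT
    done

    # turn off routing
    echo "now turning off routing ..."
    printf '0\n' > /proc/sys/net/ipv4/ip_forward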

     

  2. CLEAR/PRINT -- 02-ipt-clr-prt.sh
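    #!/bin/bash
    #
    # 02-ipt-clr-prt.sh -- reset iptables, (optionally) apply rules, print.
    #
    # Template for the later scripts: flush and delete every chain in filter,
    # nat and mangle, reset the built-in policies to ACCEPT, disable IPv4
    # forwarding, then print the resulting ruleset. Rules of your own go in
    # the marked section in the middle. Must run as root.
    #
    ###################################
    set -euo pipefail

    # Print a message to stderr and exit non-zero.
    die() { printf '%s\n' "$*" >&2; exit 1; }

    #######################################
    # Flush and delete every chain in one iptables table.
    # Rules are flushed (-F) BEFORE chains are deleted (-X): -X refuses a
    # chain that still holds rules or is still referenced, so the reverse
    # order (which the original used for the filter table) can leave user
    # chains behind.
    # Arguments: $1 - table name (filter, nat or mangle)
    #######################################
    clear_table() {
      local table=$1
      iptables -vt "$table" -F
      iptables -vt "$table" -X
    }

    #######################################
    # Dump the current ruleset of all three tables plus the ip_forward flag.
    # -n is passed on every listing so iptables does no reverse DNS lookups,
    # which can stall when the router has no working resolver.
    # Outputs: listing on stdout
    #######################################
    print_config() {
      local table
      echo ">>>>> iptables -n -L"
      iptables -n -L
      echo "--------------"
      echo ">>>>> iptables -S"
      iptables -S
      echo "--------------"
      for table in nat mangle; do
        echo ">>>>> iptables -t $table -n -L"
        iptables -t "$table" -n -L
        echo "--------------"
      done
      printf 'routing set: %s\n' "$(cat /proc/sys/net/ipv4/ip_forward)"
      echo "=============="
    }

    (( EUID == 0 )) || die "must run as root (iptables and /proc/sys require it)"
    command -v iptables >/dev/null || die "iptables not found in PATH"

    # general (filter table)
    echo "clear general:"
    clear_table filter

    # nat and masquerading; -t selects the table
    echo "clear nat, masq:"
    clear_table nat

    # mangle (packet header modification)
    echo "clear mangle ... :"
    clear_table mangle

    # reset policies; -P sets the default verdict of a built-in chain
    echo "reset policies"
    for chain in INPUT OUTPUT FORWARD; do
      iptables -vP "$chain" ACCEPT
    done

    # turn off routing
    echo "now turning off routing ..."
    printf '0\n' > /proc/sys/net/ipv4/ip_forward

    # --------------

    # the actual rules go here, in between

    # --------------

    print_config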

      

  3. NAT -- 03-ipt-nat.sh
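    #!/bin/bash
    #
    # 03-ipt-nat.sh -- reset iptables, then enable routing with SNAT.
    #
    # Flush and delete every chain in filter, nat and mangle, reset the
    # built-in policies to ACCEPT, enable IPv4 forwarding, add a SNAT rule on
    # the outbound interface and print the resulting ruleset. The filter
    # policies stay ACCEPT, so every packet is still forwarded unfiltered.
    # Must run as root.
    #
    # Environment (optional; defaults are the lab values):
    #   WAN_IF  outbound interface for SNAT    (default enp0s3)
    #   WAN_IP  source address written by SNAT (default 192.168.149.101)
    ###################################
    set -euo pipefail

    WAN_IF=${WAN_IF:-enp0s3}
    WAN_IP=${WAN_IP:-192.168.149.101}
    readonly WAN_IF WAN_IP

    # Print a message to stderr and exit non-zero.
    die() { printf '%s\n' "$*" >&2; exit 1; }

    #######################################
    # Flush and delete every chain in one iptables table.
    # Rules are flushed (-F) BEFORE chains are deleted (-X): -X refuses a
    # chain that still holds rules or is still referenced, so the reverse
    # order (which the original used for the filter table) can leave user
    # chains behind.
    # Arguments: $1 - table name (filter, nat or mangle)
    #######################################
    clear_table() {
      local table=$1
      iptables -vt "$table" -F
      iptables -vt "$table" -X
    }

    #######################################
    # Dump the current ruleset of all three tables plus the ip_forward flag.
    # -n is passed on every listing so iptables does no reverse DNS lookups,
    # which can stall when the router has no working resolver.
    # Outputs: listing on stdout
    #######################################
    print_config() {
      local table
      echo ">>>>> iptables -n -L"
      iptables -n -L
      echo "--------------"
      echo ">>>>> iptables -S"
      iptables -S
      echo "--------------"
      for table in nat mangle; do
        echo ">>>>> iptables -t $table -n -L"
        iptables -t "$table" -n -L
        echo "--------------"
      done
      printf 'routing set: %s\n' "$(cat /proc/sys/net/ipv4/ip_forward)"
      echo "=============="
    }

    (( EUID == 0 )) || die "must run as root (iptables and /proc/sys require it)"
    command -v iptables >/dev/null || die "iptables not found in PATH"

    # general (filter table)
    echo "clear general:"
    clear_table filter

    # nat and masquerading; -t selects the table
    echo "clear nat, masq:"
    clear_table nat

    # mangle (packet header modification)
    echo "clear mangle ... :"
    clear_table mangle

    # reset policies; -P sets the default verdict of a built-in chain
    echo "reset policies"
    for chain in INPUT OUTPUT FORWARD; do
      iptables -vP "$chain" ACCEPT
    done

    # routing is NOT turned off here: this host is the router

    # --------------
    # turn on routing
    printf '1\n' > /proc/sys/net/ipv4/ip_forward
    # source NAT: traffic leaving via WAN_IF gets WAN_IP as source address
    iptables -vt nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to "$WAN_IP"
    # --------------

    print_config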

     

  4. input chain -- 04-ipt-input.sh
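    #!/bin/bash
    #
    # 04-ipt-input.sh -- router with SNAT and a locked-down INPUT chain.
    #
    # Flush and delete every chain in filter, nat and mangle, reset the
    # built-in policies to ACCEPT, enable IPv4 forwarding with SNAT, then set
    # INPUT to DROP and allow only loopback, the management ssh port and
    # replies to existing connections. FORWARD and OUTPUT stay ACCEPT, so
    # traffic THROUGH the router is still unfiltered. Must run as root.
    #
    # Environment (optional; defaults are the lab values):
    #   WAN_IF         outbound interface for SNAT      (default enp0s3)
    #   WAN_IP         source address written by SNAT   (default 192.168.149.101)
    #   MGMT_SSH_PORT  tcp port accepted on the router  (default 10022)
    ###################################
    set -euo pipefail

    WAN_IF=${WAN_IF:-enp0s3}
    WAN_IP=${WAN_IP:-192.168.149.101}
    MGMT_SSH_PORT=${MGMT_SSH_PORT:-10022}
    readonly WAN_IF WAN_IP MGMT_SSH_PORT

    # Print a message to stderr and exit non-zero.
    die() { printf '%s\n' "$*" >&2; exit 1; }

    #######################################
    # Flush and delete every chain in one iptables table.
    # Rules are flushed (-F) BEFORE chains are deleted (-X): -X refuses a
    # chain that still holds rules or is still referenced, so the reverse
    # order (which the original used for the filter table) can leave user
    # chains behind.
    # Arguments: $1 - table name (filter, nat or mangle)
    #######################################
    clear_table() {
      local table=$1
      iptables -vt "$table" -F
      iptables -vt "$table" -X
    }

    #######################################
    # Dump the current ruleset of all three tables plus the ip_forward flag.
    # -n is passed on every listing so iptables does no reverse DNS lookups,
    # which can stall when the router has no working resolver.
    # Outputs: listing on stdout
    #######################################
    print_config() {
      local table
      echo ">>>>> iptables -n -L"
      iptables -n -L
      echo "--------------"
      echo ">>>>> iptables -S"
      iptables -S
      echo "--------------"
      for table in nat mangle; do
        echo ">>>>> iptables -t $table -n -L"
        iptables -t "$table" -n -L
        echo "--------------"
      done
      printf 'routing set: %s\n' "$(cat /proc/sys/net/ipv4/ip_forward)"
      echo "=============="
    }

    (( EUID == 0 )) || die "must run as root (iptables and /proc/sys require it)"
    command -v iptables >/dev/null || die "iptables not found in PATH"

    # general (filter table)
    echo "clear general:"
    clear_table filter

    # nat and masquerading; -t selects the table
    echo "clear nat, masq:"
    clear_table nat

    # mangle (packet header modification)
    echo "clear mangle ... :"
    clear_table mangle

    # reset policies; -P sets the default verdict of a built-in chain
    echo "reset policies"
    for chain in INPUT OUTPUT FORWARD; do
      iptables -vP "$chain" ACCEPT
    done

    # routing is NOT turned off here: this host is the router

    # --------------
    # turn on routing
    printf '1\n' > /proc/sys/net/ipv4/ip_forward
    # source NAT: traffic leaving via WAN_IF gets WAN_IP as source address
    iptables -vt nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to "$WAN_IP"
    # --------------

    # ---------- input chain: traffic TO the router itself ----------
    # Policy DROP is set first so a failure later on fails closed. All rules
    # below are ACCEPT, so their order does not change any verdict; the
    # conntrack rule comes first so the admin's existing ssh session is
    # dropped for as short a window as possible. (-m conntrack --ctstate is
    # the current form of the older -m state --state.)
    iptables -vP INPUT DROP
    iptables -vA INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -vA INPUT -i lo -j ACCEPT
    iptables -vA INPUT -p tcp --dport "$MGMT_SSH_PORT" -j ACCEPT
    #iptables -vA INPUT -p tcp --dport 80 -j ACCEPT

    print_config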

     

  5. DNAT -- 05-ipt-dnat.sh
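    #!/bin/bash
    #
    # 05-ipt-dnat.sh -- router with SNAT, port forwards (DNAT) to two DMZ
    # web servers, and locked-down FORWARD and INPUT chains.
    #
    # Flush and delete every chain in filter, nat and mangle, reset the
    # built-in policies to ACCEPT, enable IPv4 forwarding with SNAT, then:
    #   FORWARD  -> DROP, accept http/ssh and replies to existing connections
    #   nat      -> DNAT external ports 12380/8022 to web server 1 (80/22)
    #               and 12381/8122 to web server 2 (80/22)
    #   INPUT    -> DROP, accept loopback, management ssh and existing conns
    # OUTPUT stays ACCEPT. Must run as root.
    #
    # Environment (optional; defaults are the lab values):
    #   WAN_IF         outbound interface for SNAT      (default enp0s3)
    #   WAN_IP         source address written by SNAT   (default 192.168.149.101)
    #   MGMT_SSH_PORT  tcp port accepted on the router  (default 10022)
    #   WWW1_IP        web server 1 in the DMZ          (default 10.0.0.80)
    #   WWW2_IP        web server 2 in the DMZ          (default 10.0.0.81)
    ###################################
    set -euo pipefail

    WAN_IF=${WAN_IF:-enp0s3}
    WAN_IP=${WAN_IP:-192.168.149.101}
    MGMT_SSH_PORT=${MGMT_SSH_PORT:-10022}
    WWW1_IP=${WWW1_IP:-10.0.0.80}
    WWW2_IP=${WWW2_IP:-10.0.0.81}
    readonly WAN_IF WAN_IP MGMT_SSH_PORT WWW1_IP WWW2_IP

    # Print a message to stderr and exit non-zero.
    die() { printf '%s\n' "$*" >&2; exit 1; }

    #######################################
    # Flush and delete every chain in one iptables table.
    # Rules are flushed (-F) BEFORE chains are deleted (-X): -X refuses a
    # chain that still holds rules or is still referenced, so the reverse
    # order (which the original used for the filter table) can leave user
    # chains behind.
    # Arguments: $1 - table name (filter, nat or mangle)
    #######################################
    clear_table() {
      local table=$1
      iptables -vt "$table" -F
      iptables -vt "$table" -X
    }

    #######################################
    # Dump the current ruleset of all three tables plus the ip_forward flag.
    # -n is passed on every listing so iptables does no reverse DNS lookups,
    # which can stall when the router has no working resolver.
    # Outputs: listing on stdout
    #######################################
    print_config() {
      local table
      echo ">>>>> iptables -n -L"
      iptables -n -L
      echo "--------------"
      echo ">>>>> iptables -S"
      iptables -S
      echo "--------------"
      for table in nat mangle; do
        echo ">>>>> iptables -t $table -n -L"
        iptables -t "$table" -n -L
        echo "--------------"
      done
      printf 'routing set: %s\n' "$(cat /proc/sys/net/ipv4/ip_forward)"
      echo "=============="
    }

    (( EUID == 0 )) || die "must run as root (iptables and /proc/sys require it)"
    command -v iptables >/dev/null || die "iptables not found in PATH"

    # general (filter table)
    echo "clear general:"
    clear_table filter

    # nat and masquerading; -t selects the table
    echo "clear nat, masq:"
    clear_table nat

    # mangle (packet header modification)
    echo "clear mangle ... :"
    clear_table mangle

    # reset policies; -P sets the default verdict of a built-in chain
    echo "reset policies"
    for chain in INPUT OUTPUT FORWARD; do
      iptables -vP "$chain" ACCEPT
    done

    # routing is NOT turned off here: this host is the router

    # --------------
    # turn on routing
    printf '1\n' > /proc/sys/net/ipv4/ip_forward
    # source NAT: traffic leaving via WAN_IF gets WAN_IP as source address
    iptables -vt nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to "$WAN_IP"
    # --------------

    # ---------- forward chain: traffic THROUGH the router ----------
    # web server 1: WWW1_IP  http port 80 <-- external 12380
    #                        ssh  port 22 <-- external  8022
    # web server 2: WWW2_IP  http port 80 <-- external 12381
    #                        ssh  port 22 <-- external  8122
    # Policy DROP first (fails closed). All rules are ACCEPT, so order does
    # not change any verdict; the conntrack rule goes first because most
    # packets match it. (-m conntrack --ctstate replaces -m state --state.)
    iptables -vP FORWARD DROP
    iptables -vA FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # NOTE: these two accept forwarded http/ssh to ANY destination, not only
    # the two web servers; add -d "$WWW1_IP" / -d "$WWW2_IP" to tighten.
    iptables -vA FORWARD -p tcp --dport 80 -j ACCEPT
    iptables -vA FORWARD -p tcp --dport 22 -j ACCEPT
    # NOTE: DNAT in nat/PREROUTING rewrites the destination port BEFORE the
    # packet reaches filter/FORWARD, so the forwarded connections arrive
    # here with dport 80 or 22 and are accepted by the two rules above. The
    # external ports below therefore never match the DNATed traffic; the
    # rules are kept only so the accepted set is identical to the original.
    for port in 8022 8122 12380 12381; do
      iptables -vA FORWARD -p tcp --dport "$port" -j ACCEPT
    done

    # ---------- nat PREROUTING: the port forwards ----------
    # NOTE: no -i "$WAN_IF" restriction, so these apply to packets arriving
    # on every interface of the router, not only the outside one.
    ### web server 1: external 12380 -> http, external 8022 -> ssh
    iptables -vt nat -A PREROUTING -p tcp --dport 12380 -j DNAT --to "$WWW1_IP:80"
    iptables -vt nat -A PREROUTING -p tcp --dport 8022 -j DNAT --to "$WWW1_IP:22"
    ### web server 2: external 12381 -> http, external 8122 -> ssh
    iptables -vt nat -A PREROUTING -p tcp --dport 12381 -j DNAT --to "$WWW2_IP:80"
    iptables -vt nat -A PREROUTING -p tcp --dport 8122 -j DNAT --to "$WWW2_IP:22"

    # ---------- input chain: traffic TO the router itself ----------
    # Policy DROP first; conntrack rule first so the admin's existing ssh
    # session is dropped for as short a window as possible.
    iptables -vP INPUT DROP
    iptables -vA INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -vA INPUT -i lo -j ACCEPT
    iptables -vA INPUT -p tcp --dport "$MGMT_SSH_PORT" -j ACCEPT
    #iptables -vA INPUT -p tcp --dport 80 -j ACCEPT

    print_config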

     

  6. DNS en PING toegevoegd -- 06-ipt-dns-ping.sh
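    #!/bin/bash
    #
    # 06-ipt-dns-ping.sh -- 05-ipt-dnat.sh plus ping, DNS and https for
    # hosts behind the router.
    #
    # Flush and delete every chain in filter, nat and mangle, reset the
    # built-in policies to ACCEPT, enable IPv4 forwarding with SNAT, then:
    #   FORWARD  -> DROP, accept http/ssh/https, DNS (udp 53), ICMP and
    #               replies to existing connections
    #   nat      -> DNAT external ports 12380/8022 to web server 1 (80/22)
    #               and 12381/8122 to web server 2 (80/22)
    #   INPUT    -> DROP, accept loopback, management ssh, ICMP and
    #               existing connections
    # OUTPUT stays ACCEPT. Must run as root.
    #
    # Environment (optional; defaults are the lab values):
    #   WAN_IF         outbound interface for SNAT      (default enp0s3)
    #   WAN_IP         source address written by SNAT   (default 192.168.149.101)
    #   MGMT_SSH_PORT  tcp port accepted on the router  (default 10022)
    #   WWW1_IP        web server 1 in the DMZ          (default 10.0.0.80)
    #   WWW2_IP        web server 2 in the DMZ          (default 10.0.0.81)
    ###################################
    set -euo pipefail

    WAN_IF=${WAN_IF:-enp0s3}
    WAN_IP=${WAN_IP:-192.168.149.101}
    MGMT_SSH_PORT=${MGMT_SSH_PORT:-10022}
    WWW1_IP=${WWW1_IP:-10.0.0.80}
    WWW2_IP=${WWW2_IP:-10.0.0.81}
    readonly WAN_IF WAN_IP MGMT_SSH_PORT WWW1_IP WWW2_IP

    # Print a message to stderr and exit non-zero.
    die() { printf '%s\n' "$*" >&2; exit 1; }

    #######################################
    # Flush and delete every chain in one iptables table.
    # Rules are flushed (-F) BEFORE chains are deleted (-X): -X refuses a
    # chain that still holds rules or is still referenced, so the reverse
    # order (which the original used for the filter table) can leave user
    # chains behind.
    # Arguments: $1 - table name (filter, nat or mangle)
    #######################################
    clear_table() {
      local table=$1
      iptables -vt "$table" -F
      iptables -vt "$table" -X
    }

    #######################################
    # Dump the current ruleset of all three tables plus the ip_forward flag.
    # -n is passed on every listing so iptables does no reverse DNS lookups,
    # which can stall when the router has no working resolver.
    # Outputs: listing on stdout
    #######################################
    print_config() {
      local table
      echo ">>>>> iptables -n -L"
      iptables -n -L
      echo "--------------"
      echo ">>>>> iptables -S"
      iptables -S
      echo "--------------"
      for table in nat mangle; do
        echo ">>>>> iptables -t $table -n -L"
        iptables -t "$table" -n -L
        echo "--------------"
      done
      printf 'routing set: %s\n' "$(cat /proc/sys/net/ipv4/ip_forward)"
      echo "=============="
    }

    (( EUID == 0 )) || die "must run as root (iptables and /proc/sys require it)"
    command -v iptables >/dev/null || die "iptables not found in PATH"

    # general (filter table)
    echo "clear general:"
    clear_table filter

    # nat and masquerading; -t selects the table
    echo "clear nat, masq:"
    clear_table nat

    # mangle (packet header modification)
    echo "clear mangle ... :"
    clear_table mangle

    # reset policies; -P sets the default verdict of a built-in chain
    echo "reset policies"
    for chain in INPUT OUTPUT FORWARD; do
      iptables -vP "$chain" ACCEPT
    done

    # routing is NOT turned off here: this host is the router

    # --------------
    # turn on routing
    printf '1\n' > /proc/sys/net/ipv4/ip_forward
    # source NAT: traffic leaving via WAN_IF gets WAN_IP as source address
    iptables -vt nat -A POSTROUTING -o "$WAN_IF" -j SNAT --to "$WAN_IP"
    # --------------

    # ---------- forward chain: traffic THROUGH the router ----------
    # web server 1: WWW1_IP  http port 80 <-- external 12380
    #                        ssh  port 22 <-- external  8022
    # web server 2: WWW2_IP  http port 80 <-- external 12381
    #                        ssh  port 22 <-- external  8122
    # Policy DROP first (fails closed). All rules are ACCEPT, so order does
    # not change any verdict; the conntrack rule goes first because most
    # packets match it. (-m conntrack --ctstate replaces -m state --state.)
    iptables -vP FORWARD DROP
    iptables -vA FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # NOTE: these two accept forwarded http/ssh to ANY destination, not only
    # the two web servers; add -d "$WWW1_IP" / -d "$WWW2_IP" to tighten.
    iptables -vA FORWARD -p tcp --dport 80 -j ACCEPT
    iptables -vA FORWARD -p tcp --dport 22 -j ACCEPT
    # NOTE: DNAT in nat/PREROUTING rewrites the destination port BEFORE the
    # packet reaches filter/FORWARD, so the forwarded connections arrive
    # here with dport 80 or 22 and are accepted by the two rules above. The
    # external ports below therefore never match the DNATed traffic; the
    # rules are kept only so the accepted set is identical to the original.
    for port in 8022 8122 12380 12381; do
      iptables -vA FORWARD -p tcp --dport "$port" -j ACCEPT
    done

    ### internet use from inside the DMZ and beyond (any direction)
    iptables -vA FORWARD -p icmp -j ACCEPT             # ping
    iptables -vA FORWARD -p udp --dport 53 -j ACCEPT   # dns
    iptables -vA FORWARD -p tcp --dport 443 -j ACCEPT  # https

    # ---------- nat PREROUTING: the port forwards ----------
    # NOTE: no -i "$WAN_IF" restriction, so these apply to packets arriving
    # on every interface of the router, not only the outside one.
    ### web server 1: external 12380 -> http, external 8022 -> ssh
    iptables -vt nat -A PREROUTING -p tcp --dport 12380 -j DNAT --to "$WWW1_IP:80"
    iptables -vt nat -A PREROUTING -p tcp --dport 8022 -j DNAT --to "$WWW1_IP:22"
    ### web server 2: external 12381 -> http, external 8122 -> ssh
    iptables -vt nat -A PREROUTING -p tcp --dport 12381 -j DNAT --to "$WWW2_IP:80"
    iptables -vt nat -A PREROUTING -p tcp --dport 8122 -j DNAT --to "$WWW2_IP:22"

    # ---------- input chain: traffic TO the router itself ----------
    # Policy DROP first; conntrack rule first so the admin's existing ssh
    # session is dropped for as short a window as possible.
    iptables -vP INPUT DROP
    iptables -vA INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -vA INPUT -i lo -j ACCEPT
    iptables -vA INPUT -p tcp --dport "$MGMT_SSH_PORT" -j ACCEPT
    #iptables -vA INPUT -p tcp --dport 80 -j ACCEPT
    iptables -vA INPUT -p icmp -j ACCEPT               # the router answers ping

    print_config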