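#!/bin/sh
# ZAIB secure firewall.
#
# Flushes the filter, nat and mangle tables and rebuilds them for a router
# with a LAN side (eth0) and a WAN side (eth2). Hosts listed as "<MAC> <IP>"
# pairs in the host-list file get their packets marked in mangle/PREROUTING;
# the mark rules at the end of INPUT and FORWARD then drop whatever is not
# marked, and the chain policies are switched to DROP.
#
# Usage: run as root from the directory that holds the file `path`. The line
# of `path` containing FINAL_FILE names, after the '=', the host-list file.
#
# Deliberately NOT `set -e`: if one iptables call failed part-way through,
# aborting would leave the chains with the ACCEPT policies set below and no
# final DROP — fail-open. Every rule is attempted and the DROP policies are
# always applied at the end.
set -u

echo "Starting ZAIB's Secure Firewall . . ."
#set -x
IPT="/sbin/iptables"
DHCP_SERVER="10.0.8.1"
# `path` is resolved relative to the caller's cwd, which is fragile; an
# absolute path would be safer. The config line is assumed to look like
# FINAL_FILE=<path-to-host-list>.
FILE=$(awk '/FINAL_FILE/' path | cut -d"=" -f2)
LOOPBACK="lo"

# Start from empty tables: flush every chain and delete user-defined chains.
"$IPT" -F
"$IPT" -X
"$IPT" -t nat -F
"$IPT" -t nat -X
"$IPT" -t mangle -F
"$IPT" -t mangle -X
# Policies stay ACCEPT while the rule set is rebuilt and are switched to DROP
# at the very end, so the box is briefly open during a reload. Setting DROP
# first would close that window but would also cut existing sessions until
# the rules are re-added.
"$IPT" -P INPUT ACCEPT
"$IPT" -P FORWARD ACCEPT
"$IPT" -P OUTPUT ACCEPT

# ALLOW LOOPBACK
"$IPT" -A INPUT -i "$LOOPBACK" -j ACCEPT
"$IPT" -A OUTPUT -o "$LOOPBACK" -j ACCEPT

# ALLOW WAN (eth2)
# NOTE(review): these two rules accept every packet arriving on eth2 before
# any of the port drops, the ICMP limit or the mark checks below run, so for
# the eth2 side none of that filtering (nor the final DROP policy) applies.
# If eth2 really is the Internet-facing interface, narrow this to
# ESTABLISHED,RELATED plus the specific services hosted here.
"$IPT" -A INPUT -i eth2 -j ACCEPT
"$IPT" -A FORWARD -i eth2 -j ACCEPT

# ALLOW PPTPD (TEST FLIGHT)
#"$IPT" -I INPUT -p tcp --dport 1723 -j ACCEPT
#"$IPT" -I OUTPUT -p tcp --dport 1723 -j ACCEPT
#"$IPT" -I INPUT -p 47 -j ACCEPT
#"$IPT" -I OUTPUT -p 47 -j ACCEPT
#"$IPT" -A INPUT -i ppp+ -p all -s 0/0 -d 0/0 -j ACCEPT
#"$IPT" -A FORWARD -i ppp+ -p all -s 0/0 -d 0/0 -j ACCEPT

# ALLOW DHCP
"$IPT" -A INPUT -p udp -s "$DHCP_SERVER" --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
# NOTE(review): a DHCP client normally sends DISCOVER/REQUEST from 0.0.0.0,
# not from 255.255.255.255, so this OUTPUT rule may never match. It is
# harmless only because the OUTPUT policy is left at ACCEPT — confirm intent.
"$IPT" -A OUTPUT -p udp -s 255.255.255.255 --sport 68 -d "$DHCP_SERVER" --dport 67 -j ACCEPT

# DANGER PORTS WILL BE REJECTED
# (telnet, NTP, MS-RPC, NetBIOS) — both tcp and udp, inbound and forwarded.
for i in 23 123 135 137 138; do
  "$IPT" -A INPUT -p tcp -s 0/0 -d 0/0 --dport "$i" -j DROP
  "$IPT" -A FORWARD -p tcp -s 0/0 -d 0/0 --dport "$i" -j DROP
  "$IPT" -A INPUT -p udp -s 0/0 -d 0/0 --dport "$i" -j DROP
  "$IPT" -A FORWARD -p udp -s 0/0 -d 0/0 --dport "$i" -j DROP
done

# ICMP REPLY LIMITING
# Large echo-requests (100-65500 bytes) are allowed through at up to 60/s;
# anything above that rate is dropped. The limit match MATCHES packets that
# are within the rate, so "-m limit ... -j DROP" (the previous form) dropped
# the first 60 per second and let the flood through — the inverse of the
# intent. A small chain RETURNs within-limit packets so they continue down
# INPUT/FORWARD to the mark checks instead of being accepted outright.
"$IPT" -N ICMP_LIMIT
"$IPT" -A ICMP_LIMIT -m limit --limit 60/s -j RETURN
"$IPT" -A ICMP_LIMIT -j DROP
"$IPT" -A INPUT -p icmp -m icmp --icmp-type echo-request -m length --length 100:65500 -j ICMP_LIMIT
"$IPT" -A FORWARD -p icmp -m icmp --icmp-type echo-request -m length --length 100:65500 -j ICMP_LIMIT

# Mark traffic from each known "<MAC> <IP>" host. Only marked packets survive
# the "! --mark 1 -j DROP" rules at the end of INPUT and FORWARD, so an empty
# or unreadable host list locks every unlisted LAN host out (fail-closed).
if [ -r "$FILE" ]; then
  # Fields are whitespace-separated, as with awk '{print $1}' / '{print $2}';
  # the trailing `|| [ -n "$MAC" ]` keeps a last line without a newline.
  while read -r MAC IP _ || [ -n "$MAC" ]; do
    # Skip blank or incomplete lines instead of calling iptables with empty
    # arguments, which only produced an error message.
    if [ -z "$MAC" ] || [ -z "$IP" ]; then
      continue
    fi
    #arp -i br0 -s "$IP" "$MAC"
    #arp -i eth0 -s "$IP" "$MAC"
    #arp -i eth1 -s "$IP" "$MAC"
    "$IPT" -t mangle -A PREROUTING -s "$IP" -m mac --mac-source "$MAC" -j MARK --set-mark 1
  done < "$FILE"
else
  printf 'warning: host list "%s" is not readable; no hosts will be marked\n' "$FILE" >&2
fi

# SECURENAT SCRIPT START
# DNS to 10.0.0.1 is forwarded for every host, marked or not.
"$IPT" -A FORWARD -m state --state NEW -p tcp \
  -d 10.0.0.1 --dport 53 -j ACCEPT
"$IPT" -A FORWARD -p udp -d 10.0.0.1 --dport 53 -j ACCEPT
"$IPT" -A FORWARD -p udp -d 10.0.0.1 --sport 53 -j ACCEPT
"$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): every NEW forwarded connection entering on eth0 is accepted
# here, before the mark check below, so for eth0 the MAC/IP list gates
# INPUT only and not forwarding — confirm this is intended.
"$IPT" -A FORWARD -m state --state NEW -i eth0 -j ACCEPT

#Allow WAN Interface for web site hosting
#for i in 80 10000 1234; do
#"$IPT" -A INPUT -p tcp -i eth2 --dport "$i" -j ACCEPT
#"$IPT" -A FORWARD -p tcp -i eth2 --dport "$i" -j ACCEPT
#done

# Allow Marked Packets to be allowed
"$IPT" -A INPUT -m mark --mark 1 -j ACCEPT
"$IPT" -A FORWARD -m mark --mark 1 -j ACCEPT
"$IPT" -A INPUT -m mark ! --mark 1 -j DROP
"$IPT" -A FORWARD -m mark ! --mark 1 -j DROP
# Final default-deny for inbound and forwarded traffic; OUTPUT stays ACCEPT.
"$IPT" -P INPUT DROP
"$IPT" -P FORWARD DROP
echo "ZAiB Secure Firewall & DHCP Process Complete."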