iptables.sh
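#!/bin/bash
# iptables.sh - host firewall for a machine with one public interface (eth0).
#
# Usage: iptables.sh start|stop|restart|blacklist
#
# Policy installed by `start`/`restart` (see load):
#   * INPUT and FORWARD default to DROP; OUTPUT is left at ACCEPT (set by flush).
#   * Packets arriving on eth0 are checked against the `blacklist` chain first.
#   * Ports in allowporttcp/allowportudp are open to any source; ports in
#     allowporttcptoip are open only to the sources listed in whitelist.
#   * ICMP, loopback traffic and ESTABLISHED/RELATED packets are accepted.
#   * Reverse-path filtering is switched on for every interface.
#
# Note: 22/tcp is not in allowporttcp, so running `start` over an SSH session
# cuts that session off once the DROP policy is in place (rules are loaded
# fail-closed: the DROP policy is set before any ACCEPT rule is appended).
set -e

iptables="/sbin/iptables"
modprobe="/sbin/modprobe"

# Ports accepted from any source.
allowporttcp="80 443 6667 6669"
allowportudp="1194"
# Ports accepted only from the whitelist sources.
allowporttcptoip="7000"
# Address lists are whitespace separated and are expanded unquoted in the
# loops below on purpose, so word splitting yields one address per iteration.
# The `**` octets are masked in this listing; iptables will not accept them as
# addresses, so real octets must be substituted before the script is used.
whitelist="82.225.**.** 81.56.**.** 81.57.**.**"
blacklist="74.52.74.** 213.23.175.** 81.2.210.** 60.242.109.**"

#######################################
# Install the firewall rules. Expects the tables to have been flushed (flush).
# Globals:   iptables, allowporttcp, allowportudp, allowporttcptoip,
#            whitelist, blacklist (all read)
# Outputs:   one line per installed rule on stdout
# Returns:   the script exits (set -e) at the first failing iptables or
#            /proc write, leaving the DROP policy in place
#######################################
load () {
  local port src rpf
  #echo "Loading kernel modules..."
  #$modprobe ip_tables
  #$modprobe ip_conntrack
  #$modprobe iptable_filter
  #$modprobe ipt_state
  #echo "Kernel modules loaded."
  echo "Loading rules..."

  # Default deny first so that a partial load fails closed rather than open.
  "$iptables" -P FORWARD DROP
  "$iptables" -P INPUT DROP

  # Blacklisted sources on eth0 are dropped before any ACCEPT rule is reached.
  "$iptables" -N blacklist
  "$iptables" -A INPUT -i eth0 -j blacklist

  for port in $allowporttcp; do
    "$iptables" -A INPUT -p tcp -m tcp --destination-port "$port" -j ACCEPT
    echo "Allow port : $port/tcp"
  done

  for port in $allowportudp; do
    "$iptables" -A INPUT -p udp -m udp --destination-port "$port" -j ACCEPT
    echo "Allow port : $port/udp"
  done

  for port in $allowporttcptoip; do
    for src in $whitelist; do
      "$iptables" -A INPUT -p tcp -m tcp --destination-port "$port" -s "$src" -j ACCEPT
      echo "Allow port : $port/tcp for $src"
    done
  done

  for src in $blacklist; do
    "$iptables" -A blacklist -s "$src" -j DROP
    echo "$src blacklisted"
  done

  # Enable reverse-path filtering on every interface; skip the literal glob if
  # /proc/sys/net/ipv4/conf is absent instead of failing the whole load.
  for rpf in /proc/sys/net/ipv4/conf/*/rp_filter; do
    [ -e "$rpf" ] || continue
    echo 1 > "$rpf"
    echo "1 > $rpf"
  done

  "$iptables" -A INPUT -p icmp -j ACCEPT
  "$iptables" -A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Match loopback by interface rather than by source address, so a packet that
  # arrives on eth0 with a forged 127.0.0.1 source does not match this rule.
  "$iptables" -A INPUT -i lo -j ACCEPT
  echo "Rules loaded."
}

#######################################
# Print the blacklist chain, first with numeric addresses, then resolved.
# Globals:   iptables (read)
# Outputs:   the two chain listings on stdout
#######################################
blacklist () {
  "$iptables" -L blacklist -n
  "$iptables" -L blacklist
}

#######################################
# Remove every rule and user chain in the filter and mangle tables and reset
# the default policies to ACCEPT (i.e. leave the host open).
# Globals:   iptables (read)
# Outputs:   progress messages on stdout
#######################################
flush () {
  echo "Flushing rules..."
  "$iptables" -F
  "$iptables" -X
  "$iptables" -t mangle -F
  "$iptables" -t mangle -X
  "$iptables" -P INPUT ACCEPT
  "$iptables" -P FORWARD ACCEPT
  "$iptables" -P OUTPUT ACCEPT
  echo "Rules flushed."
}

case "$1" in
  start|restart)
    flush
    load
    ;;
  stop)
    flush
    ;;
  blacklist)
    blacklist
    ;;
  *)
    # Usage errors go to stderr and return a non-zero status for callers.
    echo "usage: start|stop|restart|blacklist." >&2
    exit 1
    ;;
esac
exit 0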
Utilisation
iptables.sh start|stop|restart|blacklist