iptables åbnet for winmx
Hej, jeg vil gerne have åbnet for WinMX i mit firewall-script. Er der nogen, der ved, hvordan denne linje skal se ud? Her er mit firewall-script!
-----------------------------------------------------------
#!/bin/bash
# Firewall and NAT setup for a small LAN gateway; start from a clean terminal.
clear

# Absolute path to the iptables binary.
IPTABLES='/sbin/iptables'

printf '%s\n' 'Variabler der bruges i scriptet'

# Internal network, and the external address used as the SNAT source.
LAN_NET='192.168.1.0/24'
WAN_NET='80.160.83.92'

# The two LAN machines the INPUT/OUTPUT rules refer to, as IP + MAC pairs.
IP_MG='192.168.1.22'
MAC_MG='00:50:BA:50:CB:A0'
IP_DH='192.168.1.21'
MAC_DH='00:50:BA:50:C1:ED'
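# Stop routing between interfaces while the ruleset is being rebuilt; it is
# switched back on at the very end of the script.
echo Slukker IP Forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

# Remove every rule from the nat table and from the default (filter) table.
# "$IPTABLES" is used instead of a bare "iptables" so the script does not
# depend on /sbin being in PATH (e.g. when started from cron or an init script).
echo SLETTER de gamle indstillinger
"$IPTABLES" -t nat -F
"$IPTABLES" -F

# Default-deny on all three filter chains: anything not accepted by a rule
# below is dropped.
# NOTE(review): with INPUT and OUTPUT on DROP and no loopback (lo) accept rule
# anywhere in this script, non-ICMP traffic of the gateway to itself is dropped
# too - confirm that is intended.
echo SÆTTER standard policies
"$IPTABLES" -P FORWARD DROP
"$IPTABLES" -P OUTPUT DROP
"$IPTABLES" -P INPUT DROP

echo BANNER BRUGERE
# Disabled example: drop all forwarded traffic from one MAC address.
#iptables -A FORWARD -m mac --mac-source 00:50:BA:50:C8:6A -j DROP

# The nat chains only rewrite addresses; filtering is done in the filter table.
echo ACCEPT POSTROUTING og PREROUTING
"$IPTABLES" -t nat -P POSTROUTING ACCEPT
"$IPTABLES" -t nat -P PREROUTING ACCEPT

# Source-NAT everything that leaves the LAN for a non-LAN destination.
# The "!" goes in front of -d: the older "-d ! net" spelling is deprecated in
# current iptables releases.
echo ACCEPT FORWARD via IPTables
"$IPTABLES" -t nat -A POSTROUTING -s "$LAN_NET" ! -d "$LAN_NET" -j SNAT --to-source "$WAN_NET"

# Stateful return path: packets belonging to, or related to, a connection that
# an earlier rule already allowed are accepted here, so the per-port rules only
# have to describe the connection-opening direction.
echo ACCEPT alle forbindelser som er startet internt
"$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT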
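# Management access to the gateway itself from two named LAN machines.
# The messages are double-quoted: unquoted, the two apostrophes pair up as
# shell quotes and are silently removed from the output.
#
# NOTE(review): "--dport 1:" matches every TCP port from 1 upwards, so these
# rules open the whole gateway to the two machines, not only SSH (port 22) as
# the message says - narrow it to "--dport 22" if only SSH is meant.
# NOTE(review): source IP and MAC can both be set by any host on the same LAN
# segment, so this match narrows exposure but is not authentication; the
# service behind it still needs its own (e.g. SSH key) authentication.
echo "ACCEPT Michael's computer ssh'e til serveren"
"$IPTABLES" -A INPUT -p tcp -s "$IP_MG" --dport 1: -m mac --mac-source "$MAC_MG" -j ACCEPT
"$IPTABLES" -A OUTPUT -p tcp -d "$IP_MG" --dport 1: -j ACCEPT

echo "ACCEPT Danni's computer ssh'e til serveren"
"$IPTABLES" -A INPUT -p tcp -s "$IP_DH" --dport 1: -m mac --mac-source "$MAC_DH" -j ACCEPT
"$IPTABLES" -A OUTPUT -p tcp -d "$IP_DH" --dport 1: -j ACCEPT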
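# DNS lookups from the LAN (UDP only; replies come back through the
# ESTABLISHED,RELATED rule in FORWARD).
echo ACCEPT DNS
"$IPTABLES" -A FORWARD -p udp -s "$LAN_NET" --dport 53 -j ACCEPT
# Deliberately no "drop all other UDP from the LAN" rule at this point.
# iptables stops at the first matching rule, so a blanket UDP drop here is
# evaluated before the UDP 6257 (WinMX) accept further down and makes that
# accept unreachable. Unlisted UDP is still rejected: the catch-all
# "FORWARD -j DROP" at the end of the script and the DROP policy cover it.

# ICMP is accepted to, from and through the gateway.
# NOTE(review): this admits every ICMP type, not only echo request/reply as the
# message suggests - confirm that is intended.
echo ACCEPT ICMP ping
"$IPTABLES" -A INPUT -p icmp -j ACCEPT
"$IPTABLES" -A OUTPUT -p icmp -j ACCEPT
"$IPTABLES" -A FORWARD -p icmp -j ACCEPT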
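#
# Ports opened by the admin
#
# Only the LAN -> outside direction is listed for each port. Return packets are
# accepted by the "--state ESTABLISHED,RELATED" rule added to FORWARD earlier
# in this script. A stateless "--sport N -d $LAN_NET -j ACCEPT" mirror rule is
# therefore not needed, and it would also accept unsolicited packets to any
# port on any LAN host as long as the sender used N as its source port.
echo ACCEPT port 80 HTTP
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 80 -j ACCEPT

# NOTE(review): FTP data connections are only matched as RELATED when the
# kernel's FTP connection-tracking helper (nf_conntrack_ftp) is loaded -
# verify on the gateway.
echo ACCEPT port 20:21 FTP
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 20 -j ACCEPT
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 21 -j ACCEPT

echo ACCEPT port 22 SSH
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 22 -j ACCEPT

# NOTE(review): this lets LAN hosts open SMB (445) sessions to arbitrary
# Internet hosts - confirm it is really required.
echo ACCEPT port 445 MICROSOFT DIRECTORY SERVICE
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 445 -j ACCEPT

echo ACCEPT port 443 MICROSOFT WINDOWS UPDATE
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 443 -j ACCEPT

echo ACCEPT port 1080 INTERNET
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 1080 -j ACCEPT

echo ACCEPT port 5190 ICQ
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 5190 -j ACCEPT

echo ACCEPT port 8080 INTERNET
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 8080 -j ACCEPT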
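#
# Requested ports that are open
#
# As with the admin ports, only the LAN -> outside direction is listed.
# Replies (TCP and UDP alike, since connection tracking also follows UDP
# flows) are accepted by the "--state ESTABLISHED,RELATED" rule added to
# FORWARD earlier in this script, so no stateless "--sport N -d $LAN_NET"
# rule is added: that form would accept unsolicited packets to any LAN port
# from any sender using N as its source port.
echo ACCEPT port 5800 VNC
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 5800 -j ACCEPT

echo ACCEPT port 6699 WINMX
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 6699 -j ACCEPT

# NOTE: this UDP accept only takes effect if no earlier FORWARD rule drops
# UDP from the LAN first - rules are evaluated top to bottom and the first
# match wins.
echo ACCEPT port 6257 WINMX
"$IPTABLES" -A FORWARD -p udp -s "$LAN_NET" --dport 6257 -j ACCEPT

echo ACCEPT port 6667 IRC
"$IPTABLES" -A FORWARD -p tcp -s "$LAN_NET" --dport 6667 -j ACCEPT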
# Explicit catch-all drops appended to the end of FORWARD and INPUT: any packet
# that reached this point without matching an accept rule is discarded.
printf '%s\n' 'BLOKKER alle pakker som ikke bliver godkendt ovenover'
iptables --append FORWARD --jump DROP
iptables --append INPUT --jump DROP

# The ruleset is complete, so let the kernel route between interfaces again.
printf '%s\n' 'Starter IP Forwarding'
printf '1\n' > /proc/sys/net/ipv4/ip_forward
