path: root/core/conf/iptables/ipt-server.sh
# Appends the server's loopback, INPUT and OUTPUT rules.
# IPT, PUB_IP, PUB_IF, DNS and BR_NET are not assigned in the lines shown here;
# presumably the caller sets them before this script runs.
# NOTE(review): every expansion is unquoted and no exit status is checked in
# these lines. An empty or unset value makes individual rules fail while the
# remaining ones are still attempted (unless the caller runs with set -e),
# which leaves a partial ruleset. Consider validating the variables up front.
echo "setting server network..."

# Unlimited on loopback: accept packets on lo whose source and destination are
# both inside 127.0.0.0/8.
$IPT -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
$IPT -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
# Also accept packets on lo that go from the public address to itself
# (presumably the host reaching its own public IP; confirm).
$IPT -A INPUT -i lo -s ${PUB_IP} -d ${PUB_IP} -j ACCEPT
$IPT -A OUTPUT -o lo -s ${PUB_IP} -d ${PUB_IP} -j ACCEPT

####### Input Chain ######
# Rule order is significant: iptables evaluates appended rules top to bottom.
# All INPUT traffic not already accepted by the loopback rules is sent through
# the blocker chain first. blocker is defined elsewhere; what it matches is not
# visible here.
$IPT -A INPUT -j blocker

# Packets arriving on the public interface for the public address, selected by
# source: the DNS server(s) in ${DNS}, then the ${BR_NET} network.
# The cli_*/srv_* chains are defined elsewhere; presumably cli_ chains handle
# replies to connections this host opened and srv_ chains handle services it
# offers. Confirm against the chain definitions.
$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${DNS} -j cli_dns_in
$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_https_in
$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_ssh_in
$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_git_in
# Disabled: plain HTTP client replies from ${BR_NET}.
#$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j cli_http_in


# Same interface and destination, but with no source restriction.
# NOTE(review): the srv_https_in, srv_ssh_in and srv_git_in jumps below match a
# superset of the ${BR_NET} rules above, so those source-restricted rules do
# not narrow anything: the SSH and git chains are reachable from any source
# address. If SSH and git are meant to be limited to ${BR_NET}, the two
# unrestricted srv_ssh_in/srv_git_in jumps should be dropped; if they are meant
# to be public, the ${BR_NET} rules above are redundant. Confirm the intent.
$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j srv_https_in
$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j cli_https_in
$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j srv_ssh_in
$IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j srv_git_in

####### Output Chain ######
# Rule order is significant: iptables evaluates appended rules top to bottom.
# All OUTPUT traffic not already accepted by the loopback rules is sent through
# the blocker chain first. blocker is defined elsewhere.
$IPT -A OUTPUT -j blocker

# Packets leaving the public interface from the public address, selected by
# destination: the DNS server(s) in ${DNS}, then the ${BR_NET} network.
$IPT -A OUTPUT -o ${PUB_IF} -d ${DNS} -s ${PUB_IP} -j cli_dns_out
# Disabled: plain HTTP client requests to ${BR_NET}.
#$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j cli_http_out
$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_https_out
$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_ssh_out
$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_git_out

# HTTPS to any destination, both as client and as server, from the public
# address.
$IPT -A OUTPUT -o ${PUB_IF} -s ${PUB_IP} -j cli_https_out
$IPT -A OUTPUT -o ${PUB_IF} -s ${PUB_IP} -j srv_https_out

# SSH and git towards ${BR_NET} with no source-address match. These repeat the
# srv_ssh_out/srv_git_out jumps above without "-s ${PUB_IP}", so they also
# cover packets leaving with any other local source address.
# NOTE(review): the INPUT side jumps to srv_ssh_in and srv_git_in for any
# source, but no rule here sends SSH or git traffic to destinations outside
# ${BR_NET}. Replies to such peers fall through to whatever follows these rules
# (the OUTPUT policy is not visible here). Confirm which side reflects the
# intended exposure and align the other with it.
$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -j srv_ssh_out
$IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -j srv_git_out