iptables scripts revision

author: Silvino Silva <silvino@bk.ru> 2019-06-07 23:39:05 +0000
committer: Silvino Silva <silvino@bk.ru> 2019-06-07 23:39:05 +0000
commit: 045ea9a3815a56609af07a3c7d9df6fcc18910a5 (patch)
tree: 29eb52783ec09481a6f6874164789efc1dc42242 /core/conf/iptables/ipt-server.sh
parent: 175b83995519059948b5d2e9da4a76c7ab070bc3 (diff)
download: doc-045ea9a3815a56609af07a3c7d9df6fcc18910a5.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/core/conf/iptables/ipt-server.sh b/core/conf/iptables/ipt-server.sh
index 225fd31..027cd11 100644
--- a/core/conf/iptables/ipt-server.sh
+++ b/core/conf/iptables/ipt-server.sh
@@ -1,10 +1,15 @@
 echo "setting server network..."
+source /etc/iptables/ipt-conf.sh
+source /etc/iptables/ipt-firewall.sh
+ipt_clear
+ipt_tables
 
 # Unlimited on loopback
 $IPT -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
 $IPT -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
 $IPT -A INPUT -i lo -s ${PUB_IP} -d ${PUB_IP} -j ACCEPT
 $IPT -A OUTPUT -o lo -s ${PUB_IP} -d ${PUB_IP} -j ACCEPT
+$IPT -A OUTPUT -o lo -s ${PUB_IP} -d 10.255.255.255 -j ACCEPT
 
 ####### Input Chain ######
 $IPT -A INPUT -j blocker
@@ -35,3 +40,8 @@ $IPT -A OUTPUT -o ${PUB_IF} -s ${PUB_IP} -j srv_https_out
 
 $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -j srv_ssh_out
 $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -j srv_git_out
+
+## log everything else and drop
+ipt_log
+
+iptables-save > /etc/iptables/server.v4
author	Silvino Silva <silvino@bk.ru>	2019-06-07 23:39:05 +0000
committer	Silvino Silva <silvino@bk.ru>	2019-06-07 23:39:05 +0000
commit	045ea9a3815a56609af07a3c7d9df6fcc18910a5 (patch)
tree	29eb52783ec09481a6f6874164789efc1dc42242 /core/conf/iptables/ipt-server.sh
parent	175b83995519059948b5d2e9da4a76c7ab070bc3 (diff)
download	doc-045ea9a3815a56609af07a3c7d9df6fcc18910a5.tar.gz