authorSilvino Silva <silvino@bk.ru>2016-09-17 03:51:07 +0100
committerSilvino Silva <silvino@bk.ru>2016-09-17 03:51:07 +0100
commitf33f82d3c05a679cfb617cdc5f9dc7659b0c4e47 (patch)
tree79d9ab17a9a937a6a6180790004e3ffd159d250c /core/scripts
parent6f2d2fd8051da238f1dd50e86df6a7fb8ed66760 (diff)
downloaddoc-f33f82d3c05a679cfb617cdc5f9dc7659b0c4e47.tar.gz
updated core linux ports and iptables script
Diffstat (limited to 'core/scripts')
-rw-r--r--core/scripts/iptables.sh27
1 files changed, 18 insertions, 9 deletions
diff --git a/core/scripts/iptables.sh b/core/scripts/iptables.sh
index 2931c8c..714a18a 100644
--- a/core/scripts/iptables.sh
+++ b/core/scripts/iptables.sh
@@ -147,6 +147,7 @@ IPT="/usr/sbin/iptables"
 SPAMLIST="blockedip"
 SPAMDROPMSG="BLOCKED IP DROP"
 PUB_IF="wlp7s0"
+DHCP_SERV="192.168.1.1"
 #PUB_IP="192.168.1.65"
 #PRIV_IF="wlp3s0"
 
@@ -217,20 +218,20 @@ $IPT -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
 ##### Server rules below ######
 
 #echo "Allow ICMP"
-#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 0 -s 192.168.0.0/12 -j ACCEPT
-#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 0 -d 192.168.0.0/12 -j ACCEPT
-#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 8 -s 192.168.0.0/12 -j ACCEPT
-#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 8 -d 192.168.0.0/12 -j ACCEPT
+#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 0 -s 192.168.0.0/16 -j ACCEPT
+#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 0 -d 192.168.0.0/16 -j ACCEPT
+#$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 8 -s 192.168.0.0/16 -j ACCEPT
+#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 8 -d 192.168.0.0/16 -j ACCEPT
 
 #echo "Allow DNS Server"
 #$IPT -A INPUT -i ${PUB_IF} -p udp --sport 1024:65535 --dport 53  -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
 #$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -d 192.168.0.0/16 -j ACCEPT
 
 #echo "Allow HTTP and HTTPS server"
-#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/12 -j ACCEPT
-#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/12 -j ACCEPT
-#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/12 -j ACCEPT
-#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/12 -j ACCEPT
+#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
+#$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
+#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 80 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
+#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 443 -m state --state NEW,ESTABLISHED -s 192.168.0.0/16 -j ACCEPT
 
 #echo "Allow ssh server"
 #$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
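Review bot: The two HTTP/HTTPS OUTPUT rules at lines 53–54 still match the LAN range with `-s` rather than `-d`; on the OUTPUT chain the source address is this host's own, so `-s 192.168.0.0/16` does not restrict which peer may receive the replies, unlike the ICMP OUTPUT rules in the same hunk, which use `-d`. These lines are commented out, so nothing changes today, but since the commit already edits them the prefix fix is a good moment to also change them to `-d 192.168.0.0/16`. The `/12` → `/16` correction itself is right: `192.168.0.0/12` is not on a /12 boundary and iptables would have masked it to 192.160.0.0/12, matching far more than the RFC 1918 block the author intends.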
@@ -306,7 +307,7 @@ $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024:  -m state --
 # $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 29080 -m state --state ESTABLISHED -j ACCEPT
 # 
 # echo "Allow warzone2100"
-# $IPT -A INPUT -i ${PUB_IF} -p tcp --dport 2100 -s 192.168.0.0/12 -j ACCEPT
+# $IPT -A INPUT -i ${PUB_IF} -p tcp --dport 2100 -s 192.168.0.0/16 -j ACCEPT
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 2100 -j ACCEPT
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 2100 -j ACCEPT
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9990 -j ACCEPT
@@ -316,6 +317,14 @@ $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024:  -m state --
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT
 
 ##### END your rules ############
+# Less log of known traffic
+
+# RIP protocol
+$IPT -A INPUT -i ${PUB_IF} -p udp --sport 520 --dport 520 -s 192.168.0.0/16 -j DROP
+
+# DHCP
+$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 68 --dport 67 -d $DHCP_SERV -j ACCEPT
+$IPT -A INPUT -i ${PUB_IF} -p udp --sport 67 --dport 68 -s $DHCP_SERV -j ACCEPT
 
 # log everything else and drop
 $IPT -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
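Review bot: The DHCP OUTPUT rule at line 77 matches only unicast datagrams to `$DHCP_SERV`, so the broadcast DISCOVER/REQUEST a client sends to 255.255.255.255 before it holds a lease is not covered by it; whether that matters depends on the OUTPUT chain's final rule, which lies outside this hunk (INPUT ends in a LOG at line 81, and presumably a drop after it). If initial lease acquisition through this rule set is intended, a second copy of line 77 with `-d 255.255.255.255` is needed; clients that use raw packet sockets may bypass the OUTPUT chain altogether, which is worth confirming on the host rather than assumed. Both new rules should also quote the expansion, `-d "$DHCP_SERV"` and `-s "$DHCP_SERV"`, as ShellCheck SC2086 would flag, and a short comment on line 73 saying why RIP from the LAN is dropped silently (to keep the catch-all LOG at line 81 quiet) would make the "Less log of known traffic" heading self-explanatory.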