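#!/bin/bash
#
# Host firewall switcher: installs one of several iptables rule sets.
#
# Usage: firewall.sh {start|stop|restart|status}
#
# TYPE (edit below) selects what "start" installs:
#   bridge / server / client  restore the saved rule set
#                             /etc/iptables/<TYPE>.v4 (bridge also turns on
#                             IPv4 forwarding);
#   open                      inline rules: loopback and replies to
#                             connections this host opened are accepted,
#                             everything else inbound is logged and dropped,
#                             everything outbound is allowed.
# "stop" drops everything except loopback; "restart" is the same as "start".
#
# Every path first sets DROP policies and only then installs rules, so an
# error part-way through (missing rule file, iptables-restore parse error)
# leaves the host fail-closed instead of fail-open.  IPv6 is not touched.
set -u

IPT="/usr/sbin/iptables"
IPT_RESTORE="${IPT}-restore"          # /usr/sbin/iptables-restore
RULES_DIR="/etc/iptables"
# Rate limit applied to the trailing LOG rules.  Without it any host on the
# wire can fill the kernel log simply by sending packets that hit the DROP
# policy.
LOG_LIMIT=(-m limit --limit 5/min --limit-burst 10)

#TYPE=bridge
#TYPE=server
TYPE=open
#TYPE=client

die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

#######################################
# Bring the packet filter to a fail-closed state and empty every table.
# Policies are set BEFORE flushing: flushing first would leave a window in
# which the previous policy (ACCEPT on a freshly booted kernel) is all that
# applies.  A table the running kernel lacks (e.g. security) just prints an
# iptables error, as in the original script.
# Globals: IPT
#######################################
fail_closed_and_clear() {
  local table
  "${IPT}" -P INPUT DROP
  "${IPT}" -P FORWARD DROP
  "${IPT}" -P OUTPUT DROP
  for table in filter nat mangle raw security; do
    "${IPT}" -t "${table}" -F
    "${IPT}" -t "${table}" -X
  done
}

#######################################
# Append the rate-limited LOG rules that close the FORWARD and INPUT chains
# (and OUTPUT when $1 is "with_output").  Whatever is not accepted above
# them is logged at debug level and then dropped by the chain policy.
# Globals: IPT, LOG_LIMIT
# Arguments: $1 - "with_output" to log OUTPUT as well (stop mode)
#######################################
add_log_rules() {
  local chain chains=(FORWARD INPUT)
  [[ "${1:-}" == "with_output" ]] && chains+=(OUTPUT)
  for chain in "${chains[@]}"; do
    "${IPT}" -A "${chain}" "${LOG_LIMIT[@]}" -j LOG --log-level 7 \
      --log-prefix "iptables: ${chain}: "
  done
}

#######################################
# Accept loopback traffic.  Matching on the interface rather than on 127/8
# is deliberate: connections to the host's own non-loopback addresses also
# travel over lo and would be dropped by a 127.0.0.0/8-only rule.  127/8
# arriving on any other interface is spoofed and is dropped explicitly.
# Globals: IPT
#######################################
allow_loopback() {
  "${IPT}" -A INPUT -i lo -j ACCEPT
  "${IPT}" -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
  "${IPT}" -A OUTPUT -o lo -j ACCEPT
}

#######################################
# Load a saved rule set with iptables-restore, which applies it atomically:
# on a parse error nothing changes and the DROP policies stay in force.
# Globals: IPT_RESTORE, RULES_DIR
# Arguments: $1 - rule set name (bridge|server|client)
#######################################
load_ruleset() {
  local file="${RULES_DIR}/$1.v4"
  [[ -r "${file}" ]] || die "rule set ${file} missing or unreadable; host left fail-closed"
  # Feed the file on stdin: older iptables-restore builds take no filename.
  "${IPT_RESTORE}" < "${file}" || die "iptables-restore failed on ${file}; host left fail-closed"
}

#######################################
# Inline "open" workstation rules: nothing in except loopback and replies to
# outbound connections; everything out.
# Globals: IPT
#######################################
install_open_rules() {
  "${IPT}" -P OUTPUT ACCEPT
  allow_loopback
  # Replies to flows this host initiated, for every protocol.  Restricting
  # this to tcp/udp with a 1024:65535 destination port adds no security
  # (conntrack already ties the packet to an existing flow) and would drop
  # RELATED ICMP errors such as fragmentation-needed, breaking PMTU
  # discovery, as well as replies to connections made from privileged
  # source ports.
  "${IPT}" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  "${IPT}" -A OUTPUT -j ACCEPT
  add_log_rules
}

#######################################
# "start": go fail-closed, then install the rule set selected by TYPE.
# Globals: TYPE
#######################################
do_start() {
  fail_closed_and_clear
  case "${TYPE}" in
    bridge)
      echo "setting bridge network..."
      echo 1 > /proc/sys/net/ipv4/ip_forward
      load_ruleset bridge
      ;;
    server)
      echo "setting server network..."
      load_ruleset server
      ;;
    client)
      echo "setting client network..."
      load_ruleset client
      ;;
    open)
      echo "setting open network..."
      install_open_rules
      ;;
    *)
      # Unknown TYPE: the host is already fail-closed; say so instead of
      # silently returning as the old script did.
      die "unknown TYPE '${TYPE}' (expected bridge|server|client|open); host left fail-closed"
      ;;
  esac
}

#######################################
# "stop": lockdown.  DROP in every direction except loopback (so local
# daemons keep working) and log, rate-limited, what gets dropped.
#######################################
do_stop() {
  echo "clear all iptables tables"
  fail_closed_and_clear
  allow_loopback
  add_log_rules with_output
}

#######################################
# "status": list the filter and nat tables.  The old "iptables -v" was not
# a command and only printed iptables' usage text.
# Globals: IPT
#######################################
do_status() {
  local table
  for table in filter nat; do
    "${IPT}" -t "${table}" -L -n -v --line-numbers
  done
}

main() {
  case "${1:-}" in
    start|stop|restart|status) ;;
    *)
      printf 'Usage: %s [start|stop|restart|status]\n' "$0" >&2
      exit 2
      ;;
  esac
  # iptables needs CAP_NET_ADMIN; as an ordinary user every call would fail
  # and "stop" would report success while changing nothing.
  [[ "${EUID}" -eq 0 ]] || die "must be run as root"
  case "$1" in
    start|restart) do_start ;;   # start already clears, so restart == start
    stop)          do_stop ;;
    status)        do_status ;;
  esac
}

main "$@"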