# Firewall configuration, meant to be sourced by the script that loads the
# iptables rules. The variable names below are the contract with that script:
# keep them unchanged (including the OUPUT_DESTINATIONS spelling) and only
# edit the values.

IPTABLES="/sbin/iptables"   # iptables binary used for every rule

#----------------------------------------------------------------------------
# WAN
#----------------------------------------------------------------------------
WAN_INT="eth0"      # interface facing the Internet
IP="42.42.42.42"    # address on WAN_INT -- placeholder value, set the real one
PING=1              # 1: answer ICMP echo requests on the WAN side
FTP=0               # 1: accept inbound FTP to this host (active and passive)

#----------------------------------------------------------------------------
# LAN
#----------------------------------------------------------------------------
NAT=0               # 1: enable NAT for the LAN (requires LAN_NETWORK)
LAN_NETWORK=""      # LAN prefix in CIDR form, e.g. 192.168.1.0/24
LAN=0               # 1: allow traffic between WAN_INT and LAN_INT
LAN_INT=""          # interface facing the LAN

#----------------------------------------------------------------------------
# Outbound policy
#----------------------------------------------------------------------------
# 1: let this host reach any destination on any port, i.e. no egress
# filtering. OUPUT_DESTINATIONS below presumably only applies when this is 0
# -- confirm against the loading script.
ALLOW_WAN_OUTPUT_EVERYWHERE=1

# Interfaces on which all traffic is accepted unconditionally, space separated.
# Example: ALLOW_INTS="br0 xenbr42"
ALLOW_INTS=""

# Allowed outbound connections, one entry per string:
#   "destination [source] protocol port[,port|lo:hi,...]"
# Port lists may mix service names and numbers, as the examples show.
# The defaults keep web, SSH and DNS working.
OUPUT_DESTINATIONS=(
  "0.0.0.0/0 tcp http,https,ssh,domain"
  "0.0.0.0/0 udp domain"
)

#----------------------------------------------------------------------------
# Inbound policy
#----------------------------------------------------------------------------
# Ports opened on the WAN side, one entry per string:
#   "source [destination] protocol port[,port|lo:hi,...]"
# When destination is omitted it defaults to IP.
# Examples:
#   OPEN_PORTS=("0.0.0.0/0 tcp 22")
#   OPEN_PORTS=("42.42.42.0/24 42.42.42.42 tcp ssh,imap,imaps,1024:2048,32")
# The default exposes SSH to every source; narrow the source to the networks
# you administer from (or use the whitelist below) wherever possible.
OPEN_PORTS=("0.0.0.0/0 tcp ssh")

# Port knocking, TCP only:
#   "port[,port] knock_sequence"
# Example: PORT_KNOCK=("22,4242 121,4353,4242,111")
# Knocking only hides a service, it is not authentication -- keep the
# service's own access controls in place.
PORT_KNOCK=()

# Port forwarding, one entry per string:
#   "source port destination:port protocol"
# Example: TRAFFICS=("0.0.0.0/0 80 192.168.0.42:80 tcp"
#                    "42.42.42.42 4242 192.168.0.43:22 tcp")
TRAFFICS=()

# Port redirection, one entry per string:
#   "interface protocol source_port dest_port"
# Example: REDIRECTIONS=("eth42 tcp 32 25" "$LAN_INT tcp 25 4242")
REDIRECTIONS=()

#----------------------------------------------------------------------------
# Whitelist
#----------------------------------------------------------------------------
# Whitelisted source addresses/networks. WHITELIST is not set in this file:
# uncomment the assignment below for an empty list, set it inline, or load it
# from an external file:
#   source /etc/firewall/whitelist_ssh
#   WHITELIST=("${WHITELIST[@]}")
# Inline example: WHITELIST=("1.2.3.4" "1.3.4.4" "192.168.1.0/24")
#WHITELIST=()

# Whitelist ports and protocols, one entry per string:
#   "protocol port[,port]"
# Example: WHITELIST_OPEN_PORTS=("tcp ssh,8006" "udp 4242")

#----------------------------------------------------------------------------
# Custom rules
#----------------------------------------------------------------------------
#######################################
# Hook point for site-specific iptables rules.
# Globals:   IPTABLES (read), any of the settings above as needed
# Outputs:   one status line on stdout
# Returns:   status of the last command in the body (0 while it is empty)
#######################################
ipt_hook() {
  printf '%s\n' "+ Load your own iptables rules"
  # Add your "$IPTABLES" ... commands below this line.
}