motius
/
htg-public
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

iptables basique automatique pour samba

This commit is contained in:
random-toto@localhost 2016-07-11 20:07:56 +02:00
parent e4c7fa5253
commit 79da869080
1 changed files with 106 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
shell/etc_init.d_iptables Normal file
View File

@ -0,0 +1,106 @@
#!/bin/sh
# ln -s /etc/init.d/iptables /etc/rc2.d/S02iptables
# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
fi
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start the firewall
# Description: Script flushes iptables rules and sets them back
#
#
#
#
#
### END INIT INFO
# Author: Foo Bar <foobar@baz.org>
#
# Please remove the "Author" lines above and replace them
# with your own name if you copy and modify this script.
DESC="Start firewall"
DAEMON=/usr/sbin/daemonexecutablename
NAME=iptables
DESC=iptables
# start
do_start()
{
# reset
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
ip6tables -P INPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -t nat -F
ip6tables -t mangle -F
ip6tables -F
ip6tables -X
# rules
iptables -A INPUT -p tcp --destination-port 135 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 139 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 445 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 137 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 138 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 135 -j REJECT
iptables -A INPUT -p tcp --destination-port 139 -j REJECT
iptables -A INPUT -p tcp --destination-port 445 -j REJECT
iptables -A INPUT -p tcp --destination-port 137 -j REJECT
iptables -A INPUT -p tcp --destination-port 138 -j REJECT
ip6tables -A INPUT -p tcp --destination-port 135 -j REJECT
ip6tables -A INPUT -p tcp --destination-port 139 -j REJECT
ip6tables -A INPUT -p tcp --destination-port 445 -j REJECT
ip6tables -A INPUT -p tcp --destination-port 137 -j REJECT
ip6tables -A INPUT -p tcp --destination-port 138 -j REJECT
}
do_status()
{
iptables -L
}
case "$1" in
force-reload|reload|restart|start|"")
do_start
;;
bla)
echo "Error: argument '$1' not supported" >&2
exit 3
;;
stop)
# No-op
echo "Error: root should flush rules."
echo "see in /root"
;;
status)
do_status
exit $?
;;
*)
echo "Usage: motd [start|stop|status]" >&2
exit 3
;;
esac
: