iptables basique automatique pour samba

2016-07-11 20:07:56 +02:00 · 2016-07-11 20:07:56 +02:00 · 79da869080
parent e4c7fa5253
commit 79da869080
1 changed files with 106 additions and 0 deletions
--- a/shell/etc_init.d_iptables
+++ b/shell/etc_init.d_iptables
@ -0,0 +1,106 @@
+#!/bin/sh
+
+# ln -s /etc/init.d/iptables /etc/rc2.d/S02iptables
+
+# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
+if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
+    set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
+fi
+### BEGIN INIT INFO
+# Provides:          firewall 
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start the firewall
+# Description:       Script flushes iptables rules and sets them back
+#                    
+#                    
+#                    
+#                    
+#                    
+### END INIT INFO
+
+# Author: Foo Bar <foobar@baz.org>
+#
+# Please remove the "Author" lines above and replace them
+# with your own name if you copy and modify this script.
+
+DESC="Start firewall"
+DAEMON=/usr/sbin/daemonexecutablename
+NAME=iptables
+DESC=iptables
+
+# start
+do_start()
+{
+# reset
+	iptables -P INPUT ACCEPT
+	iptables -P FORWARD ACCEPT
+	iptables -P OUTPUT ACCEPT
+
+	iptables -t nat -F
+	iptables -t mangle -F
+	iptables -F
+	iptables -X
+
+	ip6tables -P INPUT ACCEPT
+	ip6tables -P FORWARD ACCEPT
+	ip6tables -P OUTPUT ACCEPT
+
+	ip6tables -t nat -F
+	ip6tables -t mangle -F
+	ip6tables -F
+	ip6tables -X
+
+# rules
+	iptables -A INPUT -p tcp --destination-port 135 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT 
+	iptables -A INPUT -p tcp --destination-port 139 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT 
+	iptables -A INPUT -p tcp --destination-port 445 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT 
+	iptables -A INPUT -p tcp --destination-port 137 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT 
+	iptables -A INPUT -p tcp --destination-port 138 -m iprange --src-range 192.168.0.0-192.168.10.255 -j ACCEPT 
+
+	iptables -A INPUT -p tcp --destination-port 135 -j REJECT 
+	iptables -A INPUT -p tcp --destination-port 139 -j REJECT 
+	iptables -A INPUT -p tcp --destination-port 445 -j REJECT 
+	iptables -A INPUT -p tcp --destination-port 137 -j REJECT 
+	iptables -A INPUT -p tcp --destination-port 138 -j REJECT 
+
+	ip6tables -A INPUT -p tcp --destination-port 135 -j REJECT 
+	ip6tables -A INPUT -p tcp --destination-port 139 -j REJECT 
+	ip6tables -A INPUT -p tcp --destination-port 445 -j REJECT 
+	ip6tables -A INPUT -p tcp --destination-port 137 -j REJECT 
+	ip6tables -A INPUT -p tcp --destination-port 138 -j REJECT 
+
+}
+do_status()
+{
+	iptables -L
+}
+
+
+case "$1" in
+  force-reload|reload|restart|start|"")
+	do_start
+	;;
+  bla)
+	echo "Error: argument '$1' not supported" >&2
+	exit 3
+	;;
+  stop)
+	# No-op
+	echo "Error: root should flush rules."
+	echo "see in /root"
+	;;
+  status)
+	do_status
+	exit $?
+	;;
+  *)
+	echo "Usage: motd [start|stop|status]" >&2
+	exit 3
+	;;
+esac
+
+:
+