linux:bardziej_zaawansowany_skrypt_z_przekazywaniem_do_http_proxy

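#!/bin/bash
# Gateway firewall: filters traffic to the router itself (INPUT) and through
# it (FORWARD), masquerades 192.168.1.0/24 out of wlan0, forwards two SSH
# ports to internal hosts and redirects LAN HTTP to a local proxy on 8080.

# FTP connection-tracking/NAT helpers, so FTP data connections can be matched
# as RELATED. Errors are silenced because the modules may be built in.
# NOTE(review): on kernels where automatic helper assignment is disabled the
# helper has to be attached explicitly (CT target in the raw table); verify
# on the target kernel.
modprobe nf_conntrack_ftp 2> /dev/null
modprobe nf_nat_ftp 2> /dev/null

iptables -F
# Default-deny is set right after the flush so there is no window in which
# the chains are empty with an ACCEPT policy while the rules are being loaded.
iptables -P INPUT DROP
iptables -P FORWARD DROP
# The chain does not exist on the first run; that error is expected.
iptables -X MOJ 2> /dev/null

# MOJ: rules shared by INPUT and FORWARD.
# NOTE(review): these rules carry no interface match, so NEW tcp/443 and tcp/21
# are accepted in every direction, including from wlan0 towards the LAN.
iptables -N MOJ
iptables -A MOJ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A MOJ -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
iptables -A MOJ -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
iptables -A MOJ -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# Loopback must be accepted explicitly: without a target the rule only counts
# packets and local traffic falls through to the DROP policy.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j MOJ
# NOTE(review): 22, 80 and 8080 are accepted on every interface. If the proxy
# on 8080 is meant for LAN clients only, add "-i eth0" to that rule so it is
# not reachable from the wlan0 side.
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT

iptables -A FORWARD -j MOJ
iptables -A FORWARD -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
# The DNAT rules below rewrite the destination before FORWARD is evaluated, so
# the forwarded SSH connections need their own accept rules here; otherwise
# they hit the DROP policy. Scoped to the ingress interface and the two hosts.
iptables -A FORWARD -i wlan0 -d 192.168.1.102 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i wlan0 -d 192.168.1.103 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT

iptables -t nat -F
# Static alternative to MASQUERADE when the uplink address is fixed:
#iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 10.0.4.14
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o wlan0 -j MASQUERADE

# SSH port forwards: wlan0:7002 -> 192.168.1.102:22, wlan0:7003 -> 192.168.1.103:22
iptables -t nat -A PREROUTING -p tcp --dport 7002 -i wlan0 -j DNAT --to-destination 192.168.1.102:22
iptables -t nat -A PREROUTING -p tcp --dport 7003 -i wlan0 -j DNAT --to-destination 192.168.1.103:22

# Transparent proxy: HTTP arriving on eth0 that is not addressed to the router
# (192.168.1.1) is redirected to local port 8080.
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 ! -d 192.168.1.1 -j REDIRECT --to-ports 8080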
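#!/bin/bash
# Gateway firewall: default-deny on INPUT and FORWARD, SNAT for
# 192.168.56.0/24 leaving through eth0, and one SSH port forward
# (eth0:2222 -> 192.168.56.2:22).

iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
# The chain does not exist on the first run; that error is expected.
iptables -X MOJFW 2> /dev/null

# MOJFW: rules shared by INPUT and FORWARD.
# NOTE(review): no interface match, so NEW tcp/80 and tcp/443 are accepted in
# every direction, both to the router and through it.
iptables -N MOJFW
iptables -A MOJFW -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A MOJFW -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A MOJFW -m state --state NEW -p tcp --dport 443 -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j MOJFW
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
# Log new FTP control connections, at most 10 entries per second.
# The limit match is placed last on purpose: matches are evaluated in the order
# given, so with limit ahead of --dport every new TCP packet reaching this rule
# would spend a token and unrelated traffic could suppress the FTP log lines.
iptables -A INPUT -m state --state NEW -p tcp --dport 21 -m limit --limit 10/s -j LOG --log-prefix "ABC: "
iptables -A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT

iptables -A FORWARD -j MOJFW
iptables -A FORWARD -m state --state NEW -p udp --dport 53 -j ACCEPT
# NOTE(review): forwarded echo-requests are not rate limited.
iptables -A FORWARD -m state --state NEW -p icmp --icmp-type echo-request -j ACCEPT
iptables -A FORWARD -m state --state NEW -p tcp --dport 8080 -j ACCEPT
# Lets the DNAT'ed SSH connection below (and any other SSH towards the
# 192.168.56.0/24 network) pass FORWARD.
iptables -A FORWARD -m state --state NEW -p tcp --dport 22 -d 192.168.56.0/24 -j ACCEPT

iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.56.0/24 -o eth0 -j SNAT --to-source 10.0.13.50

iptables -t nat -A PREROUTING -p tcp --dport 2222 -i eth0 -j DNAT --to-destination 192.168.56.2:22

iptables -t mangle -F
# Optional: overwrite the TTL of forwarded packets.
#iptables -t mangle -A FORWARD -j TTL --ttl-set 200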