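#!/bin/bash
# Packet filter and NAT setup for a gateway that masquerades 192.168.1.0/24
# out of wlan0 and redirects HTTP arriving on eth0 to local port 8080.
#
# The script is best-effort and re-runnable: errors from modprobe and from
# deleting a chain that does not exist yet are deliberately silenced.

# FTP connection-tracking and NAT helpers; FTP data connections are expected
# to be matched by the ESTABLISHED,RELATED rule in MOJ below.
modprobe nf_conntrack_ftp 2> /dev/null
modprobe nf_nat_ftp 2> /dev/null

# --- filter table ----------------------------------------------------------
# Start from empty built-in chains and a fresh user chain MOJ.
iptables -F
iptables -X MOJ 2> /dev/null # fails harmlessly on the first run
iptables -N MOJ

# MOJ holds the rules shared by INPUT and FORWARD.
iptables -A MOJ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A MOJ -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
iptables -A MOJ -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
# Echo requests are accepted at a limited rate; the excess falls through to
# the chain policy.
iptables -A MOJ -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# Loopback traffic. The original rule had no target, so it only counted
# packets and local traffic fell through to the DROP policy unless a later
# rule happened to match it.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j MOJ
# Services accepted for the gateway itself only (not in MOJ, so not forwarded).
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
# NOTE(review): 8080 is the REDIRECT target for HTTP from eth0, but this rule
# is not restricted to an interface, so the port is also reachable via wlan0.
# Confirm that is intended, or add "-i eth0".
iptables -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT
iptables -P INPUT DROP

iptables -A FORWARD -j MOJ
# DNS over UDP and TCP may be forwarded.
iptables -A FORWARD -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
iptables -P FORWARD DROP

# --- nat table -------------------------------------------------------------
iptables -t nat -F
#iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to 10.0.4.14
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o wlan0 -j MASQUERADE
# Port forwards from wlan0 to SSH on two internal hosts.
# NOTE(review): no FORWARD rule above accepts NEW tcp/22, so these DNAT'd
# connections reach the FORWARD DROP policy. Confirm whether a matching
# FORWARD rule limited to 192.168.1.102 and 192.168.1.103 is missing.
iptables -t nat -A PREROUTING -p tcp --dport 7002 -i wlan0 -j DNAT --to 192.168.1.102:22
iptables -t nat -A PREROUTING -p tcp --dport 7003 -i wlan0 -j DNAT --to 192.168.1.103:22
# HTTP entering on eth0 that is not addressed to 192.168.1.1 is redirected to
# local port 8080.
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 ! -d 192.168.1.1 -j REDIRECT --to 8080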
#!/bin/bash
# Packet filter and NAT setup for a gateway in front of 192.168.56.0/24:
# default-drop INPUT and FORWARD, source NAT out of eth0, and one SSH port
# forward. The OUTPUT policy is left untouched.

readonly LAN_NET=192.168.56.0/24

# Append to chain $1 a rule that matches only connections in state NEW;
# the remaining arguments are passed to iptables unchanged.
new_conn() {
  local chain=$1
  shift
  iptables -A "$chain" -m state --state NEW "$@"
}

# --- filter table ----------------------------------------------------------
iptables -F
# Default-drop is set before any rule is added.
for builtin_chain in INPUT FORWARD; do
  iptables -P "$builtin_chain" DROP
done

# Recreate the user chain shared by INPUT and FORWARD.
iptables -X MOJFW 2> /dev/null # fails harmlessly when the chain is absent
iptables -N MOJFW
iptables -A MOJFW -m state --state ESTABLISHED,RELATED -j ACCEPT
for web_port in 80 443; do
  new_conn MOJFW -p tcp --dport "$web_port" -j ACCEPT
done

# Traffic addressed to the gateway itself.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j MOJFW
new_conn INPUT -p tcp --dport 22 -j ACCEPT
# New FTP control connections are logged (rate-limited) and then accepted.
# NOTE(review): this script does not load nf_conntrack_ftp; if FTP data
# connections depend on RELATED, confirm the helper is loaded elsewhere.
new_conn INPUT -m limit --limit 10/s -p tcp --dport 21 -j LOG --log-prefix "ABC: "
new_conn INPUT -p tcp --dport 21 -j ACCEPT

# Traffic routed through the gateway. None of these rules names an interface,
# so they apply in both directions.
iptables -A FORWARD -j MOJFW
new_conn FORWARD -p udp --dport 53 -j ACCEPT
new_conn FORWARD -p icmp --icmp-type echo-request -j ACCEPT
new_conn FORWARD -p tcp --dport 8080 -j ACCEPT
# Lets the DNAT'd SSH connection below reach its target.
new_conn FORWARD -p tcp --dport 22 -d "$LAN_NET" -j ACCEPT

# --- nat table -------------------------------------------------------------
iptables -t nat -F
iptables -t nat -A POSTROUTING -s "$LAN_NET" -o eth0 -j SNAT --to 10.0.13.50
# Port 2222 arriving on eth0 is forwarded to SSH on 192.168.56.2.
iptables -t nat -A PREROUTING -p tcp --dport 2222 -i eth0 -j DNAT --to 192.168.56.2:22

# --- mangle table ----------------------------------------------------------
iptables -t mangle -F
#iptables -t mangle -A FORWARD -j TTL --ttl-set 200