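*filter
# Default policies (load this file with iptables-restore).
# INPUT is default-deny; everything below is an explicit allow.
# FORWARD is default-deny too: the tun+ rules further down are the only
# forwarding this host is meant to do (VPN clients out via eth0, replies back
# into tun+). With the previous FORWARD ACCEPT policy those rules were no-ops,
# and once net.ipv4.ip_forward=1 is set for OpenVPN the host would have relayed
# any transit traffic between any pair of interfaces.
# OUTPUT stays ACCEPT, so the OUTPUT rules below only add counters.
# NOTE: this file is IPv4 only. If IPv6 is enabled on the host, ip6tables
# needs its own default-DROP INPUT policy or these rules are simply bypassed.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Accept established sessions first: this matches the bulk of traffic, so
# every later rule only has to consider new connections. It covers every
# protocol, including ICMP replies/errors and the reply halves of SSH and
# [PORT] sessions, so those rules no longer need ESTABLISHED themselves.
# (`-m state` is a legacy alias for `-m conntrack --ctstate` on current
# kernels; kept as written for compatibility with the rest of the file.)
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow localhost and RFC 1918 / link-local source ranges.
# These rules match on source address only, not on interface: a packet that
# arrives on the public interface with a spoofed private source is accepted
# on any port. If eth0 faces the Internet, add `! -i eth0` (or `-i <lan-if>`)
# to each rule, and keep net.ipv4.conf.all.rp_filter=1 so the kernel discards
# sources it cannot route back out the same interface.
-A INPUT -i lo -j ACCEPT
-A INPUT -p all -m state --state NEW -s 10.0.0.0/8 -j ACCEPT
-A INPUT -p all -m state --state NEW -s 169.254.0.0/16 -j ACCEPT
-A INPUT -p all -m state --state NEW -s 172.16.0.0/12 -j ACCEPT
-A INPUT -p all -m state --state NEW -s 192.168.0.0/16 -j ACCEPT

# Allow ping. Type 8 is echo-request; echo replies and ICMP errors
# (unreachable, fragmentation-needed, time-exceeded) arrive as
# ESTABLISHED/RELATED and are already accepted by the rule above.
-A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT

# Allow SSH on eth0.
# This exposes sshd to every peer reachable on eth0; pair it with key-only
# authentication in sshd_config and consider a per-source rate limit
# (-m recent or -m hashlimit) to blunt brute-force attempts.
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT
#-A INPUT -i wlan0 -p tcp -m state --state NEW --dport 22 -j ACCEPT
#-A OUTPUT -o wlan0 -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT

# Allow TCP traffic on port [PORT] (replace [PORT] before loading the file).
-A INPUT -i eth0 -p tcp -m state --state NEW --dport [PORT] -j ACCEPT
#-A INPUT -i wlan0 -p tcp -m state --state NEW --dport [PORT] -j ACCEPT

# OpenVPN: traffic on the TUN interface.
# INPUT from tun+ is accepted unconditionally, so every VPN client can reach
# every local service on this host. Narrow this to the ports clients actually
# need if the clients are not fully trusted.
-A INPUT -i tun+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
# Forwarding for VPN clients -- with FORWARD DROP these are the only paths
# through the box: anything from tun+ outward (so a separate tun+ -> eth0
# ESTABLISHED rule is redundant), and only replies from eth0 back into tun+.
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
#-A FORWARD -i wlan0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT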
*nat
# Configure NAT.
# Masquerade traffic sourced from 10.0.0.0/24 as it leaves via eth0, so that
# replies come back to this host's eth0 address. Only packets whose source is
# in 10.0.0.0/24 are rewritten; whether they are forwarded at all is decided
# by the filter table's FORWARD chain, not here.
# NOTE(review): 10.0.0.0/24 is presumably the OpenVPN client subnet -- confirm
# it matches the `server` directive in the OpenVPN config. It also lies inside
# the 10.0.0.0/8 range the filter table treats as "internal".
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
#-A POSTROUTING -s 10.0.0.0/24 -o wlan0 -j MASQUERADE
COMMIT