April 13, 2019

Iptables Firewall dd-wrt [for home]

Денис Забияко
# Default policies: anything INPUT or FORWARD does not explicitly accept is
# dropped; local processes on the router may send freely (OUTPUT ACCEPT).
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

## Section 1
# Loopback, and all ICMP types (echo-request included, so the router also
# answers pings arriving on the WAN side).
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT

## Section 2
# Force SYN checks
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Drop non-initial fragments (-f matches only the second and later fragments
# of a datagram; the first fragment still passes through the rules below)
iptables -A INPUT -f -j DROP

# Drop XMAS packets
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# Drop NULL packets
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

## Section 3
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

###
# Insert your system specific rules here.
# Nothing above accepts NEW connections from the LAN side, so with policy DROP
# the router's own services (web UI, SSH, DNS, DHCP) are unreachable from the
# LAN unless a rule here (e.g. on the br0 bridge) or a rule the router already
# installed before this script accepts them. Verify after applying with
# `iptables -L INPUT -n --line-numbers`.
###

# Forward anything from the LAN outwards. The second rule admits any forwarded
# packet addressed to the LAN; a stricter form limits it to
# -m state --state ESTABLISHED,RELATED so only replies come back in.
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
# NAT the LAN behind the WAN address. eth1 is the WAN interface on this router;
# on dd-wrt the name varies by model (often a vlan interface), check
# `nvram get wan_ifname` or `ip addr` before using it.
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE

## Section 4
# Log whatever falls through (level 7 = debug, visible in dmesg/syslog), then
# drop it. Unlimited logging on a WAN-facing chain can flood the log; add
# -m limit to the LOG rule if it does.
iptables -A INPUT -j LOG --log-level 7 --log-prefix "IPTABLES Dropped: "
iptables -A INPUT -j DROP

# Kept only as a backup: these two rules sit after the unconditional DROP
# above, so they are never reached while that rule is present. They matter
# only if the catch-all DROP is removed (e.g. when switching the policy back
# to ACCEPT), in which case they still close the privileged ports.
iptables -A INPUT -p tcp -m tcp --dport 1:1024 -j DROP
iptables -A INPUT -p udp -m udp --dport 1:1024 -j DROP
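As an added example (not the post's script and not dd-wrt's own firewall code): the same ruleset written for `iptables-restore`, parameterised by interface, with two things worth having before applying a DROP-policy firewall on a router you reach over the network: an ordering check that rejects rules placed behind INPUT's catch-all DROP (the two "backup" rules above are dead for that reason) and that requires ESTABLISHED,RELATED to be accepted before it, plus a timed rollback so a mistake cannot lock you out. Assumptions not taken from the post: the LAN bridge is `br0` and the WAN interface `eth1` (dd-wrt names vary by model, check `ip addr`), a rule accepting LAN-side connections to the router is added because the post's INPUT chain has none, and the FORWARD return rule is limited to ESTABLISHED,RELATED. The sample input fed to the checker is constructed here. Note that `iptables-restore` replaces the whole filter and nat tables, so anything the router itself installed (port forwards, for instance) disappears; run `iptables-save` and merge those rules into `gen_ruleset` first.

```shell
#!/bin/sh
# Added example, not the post's script: the ruleset above in iptables-restore
# form, checked for ordering mistakes and loaded with a rollback timer.
# Assumed dd-wrt names (vary by model, verify with `ip addr`): LAN bridge br0,
# WAN eth1. LAN_NET is the post's 192.168.1.0/24.
LAN_IF="${LAN_IF:-br0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"
ROLLBACK_SECS="${ROLLBACK_SECS:-90}"
BACKUP=/tmp/iptables.rollback

# Emit the filter and nat tables in iptables-save syntax: the post's rules,
# plus an assumed LAN accept (the post's INPUT chain has none, so with policy
# DROP the router's web UI, SSH, DNS and DHCP would be unreachable) and a
# FORWARD return rule limited to ESTABLISHED,RELATED instead of any -d LAN.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -f -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -j LOG --log-level 7 --log-prefix "IPTABLES Dropped: "
-A INPUT -j DROP
-A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -d $LAN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Ordering check on a ruleset read from stdin: ESTABLISHED,RELATED must be
# accepted before INPUT's catch-all DROP, and nothing may follow that DROP
# (such rules are dead, like the two "backup" DROPs at the end of the post).
# Exit status 0 = ruleset passes.
check_ruleset() {
    awk '
      /^\*/ { table = $1 }
      table == "*filter" && $1 == "-A" && $2 == "INPUT" {
        n++
        if ($0 ~ /ESTABLISHED,RELATED/ && $0 ~ /-j ACCEPT/) est = n
        if ($0 == "-A INPUT -j DROP") drop = n
        if (drop && n > drop) { print "dead rule after catch-all DROP: " $0 > "/dev/stderr"; bad = 1 }
      }
      END {
        if (!drop) { print "INPUT has no catch-all DROP" > "/dev/stderr"; bad = 1 }
        if (!est || est > drop) { print "ESTABLISHED,RELATED not accepted before DROP" > "/dev/stderr"; bad = 1 }
        exit bad + 0
      }'
}

# Constructed sample (the post's INPUT tail) that check_ruleset must reject.
unreachable_example() {
    printf '%s\n' '*filter' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -j DROP' \
        '-A INPUT -p tcp -m tcp --dport 1:1024 -j DROP' \
        'COMMIT'
}

# Load atomically with a safety net: the previous rules come back after
# ROLLBACK_SECS unless `confirm` is run from a session that still works.
apply_firewall() {
    "$IPT_SAVE" > "$BACKUP" || return 1
    gen_ruleset | check_ruleset || return 1
    gen_ruleset | "$IPT_RESTORE" || { "$IPT_RESTORE" < "$BACKUP"; return 1; }
    ( sleep "$ROLLBACK_SECS"; [ -f "$BACKUP" ] && "$IPT_RESTORE" < "$BACKUP" ) &
    echo $! > "$BACKUP.pid"
}

# Cancel the pending rollback and keep the new rules.
confirm_firewall() {
    [ -f "$BACKUP.pid" ] && kill "$(cat "$BACKUP.pid")" 2>/dev/null
    rm -f "$BACKUP" "$BACKUP.pid"
}

case "${1:-}" in
    check)   gen_ruleset | check_ruleset ;;
    apply)   apply_firewall ;;
    confirm) confirm_firewall ;;
esac
```

Run `sh firewall.sh check` first, then `sh firewall.sh apply` from a LAN session and, once you have confirmed the web UI or SSH still answers, `sh firewall.sh confirm` within ROLLBACK_SECS; if you never get that far, the saved rules are restored automatically. On dd-wrt the script belongs under Administration → Commands (Save Firewall), where it runs after the router's built-in rules, which is exactly why the merge step in the lead-in matters.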