Skip to content

CauldronDevelopmentLLC/iptables

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
default
default
 
 
iptables
iptables
 
 

Repository files navigation

iptables

A script for managing IPtables configurations.

This is a simple script that I've been using for many years to configure iptables. There are many alternatives but this is what I use.

Install

cp iptables /etc/init.d/
cp default /etc/default/iptables

On Debian based systems activate the script with:

sudo update-rc.d iptables defaults 13 87

Configuration

You should only need to edit /etc/default/iptables. The configuration is controlled mainly by setting variables.

Variables

EXTIF

This variable sets the external interface. The default is eth0 but it could be something else. Currently only one external interface is supported.

MASQIFS

A space separated list of interfaces to be masqueraded. This will masquerade the EXTIF to these interfaces. You can also masquerade interfaces using the masquerade inside of the start_local function.

Masquerading allows the masqueraded interface to access the Internet via the EXTIF but does not open any ports on the masqueraded interface.

MODULES

A space separated list of kernel modules to load. Any modules which are needed by the iptables configuration should be listed here.

OPENTCP

A space separated list of TCP ports that should be open.

OPENUDP

A space separated list of UDP ports that should be open.

OPENIPS

A space separated list of IPv4 and IPv6 addresses that should be allow in on all ports.

BLOCKEDIPS

A space separated list of IPv4 and IPv6 addresses that should be completely blocked.

PING

Set to true to enable remote IPv4 and IPv6 ping.

LOG

Set to true to enable iptables IPv4 and IPv6 logging.

VERBOSE

Set to true to enable verbose output.

IPTABLES

Set to the path to the iptables executable. Default is /sbin/iptables.

IP6TABLES

Set to the path to the ip6tables executable. Default is /sbin/ip6tables. Set to /bin/true to make the script ignore IPv6.

Functions

The script defines a few helper functions.

start_local

A special function that is called after the initial iptables setup. You can define this function to implement more advanced configurations. From this function you can call the other helper functions listed below.

action [args...]

This will print the specified message to the screen when the iptables scripts is run followed by a message indicating if the the command was successful or failed. Use this to log the action being performed.

allow_in

Allows connections to the specified port on the specified protocol from the specified source IPv4 or IPv6 address or address range.

block_ip

Blocks all input from an IPv4 or IPv6 address.

allow_ip

Allows all input from an IPv4 or IPv6 address.

allow_port

Allows input from a port and protocol.

masquerade

Masquerades the internal network interface to the specified external interface.

Usage

You can run the script manually and see its output like this:

sudo /etc/init.d/iptables restart

Otherwise, use your systems service control commands, in which case the scripts output will not be visible on the command line. E.g.:

sudo systemctl restart iptables

About

A script for managing IPtables configurations

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages