Update firewall rules

Daniel Winzen
2018-09-10 19:20:11 +02:00
parent 2c634b889c
commit 382ea73efb


@ -39,7 +39,7 @@ iptables -A OUTPUT -p udp --dport 123 -d $clearnet -j ACCEPT
)done )done
#restrict local communication for php and webserver #restrict local communication for php and webserver
#allowed tcp ports #allowed tcp ports
for port in 3306 9040 9050 110 143 25 21 5000:5050; do( for port in 3306 9040 9050 110 143 25 21 5000:5050 53; do(
iptables -A OUTPUT -d 127.0.0.0/8 -p tcp --dport $port -m owner --gid-owner www-data -j ACCEPT; iptables -A OUTPUT -d 127.0.0.0/8 -p tcp --dport $port -m owner --gid-owner www-data -j ACCEPT;
ip6tables -A OUTPUT -d ::1 -p tcp --dport $port -m owner --gid-owner www-data -j ACCEPT ip6tables -A OUTPUT -d ::1 -p tcp --dport $port -m owner --gid-owner www-data -j ACCEPT
)done )done
@ -64,6 +64,8 @@ ip6tables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports 9040
#allow local communication #allow local communication
iptables -A OUTPUT -o lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT ip6tables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
#reject everything else #reject everything else
iptables -A OUTPUT -j REJECT iptables -A OUTPUT -j REJECT
ip6tables -A OUTPUT -j REJECT ip6tables -A OUTPUT -j REJECT
@ -73,7 +75,7 @@ ip6tables -A OUTPUT -j REJECT
#iptables -A INPUT -s $clearnet -j ACCEPT; #iptables -A INPUT -s $clearnet -j ACCEPT;
#)done #)done
#drop everything else (uncomment after adding your own IP above) #drop everything else (uncomment after adding your own IP above)
#iptables -A INPUT -i eth0 -j DROP #iptables -A INPUT -j DROP
#ip6tables -A INPUT -i eth0 -j DROP #ip6tables -A INPUT -j DROP
exit 0 exit 0
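Review bot: The `53` appended to the `for port in 3306 9040 ... 5000:5050 53` list in the first hunk opens only TCP 53 on loopback for gid www-data, because that loop is the `#allowed tcp ports` one; stub resolvers query UDP 53 first and use TCP only for truncated answers, so unless the corresponding udp port loop (not visible here, if the script has one) also gains `53`, ordinary DNS lookups from php/the webserver will still fall through to the final `OUTPUT -j REJECT`. The reason for the new port is not stated anywhere, so a comment on the port list would help the next reader, e.g. `# 53: DNS to a resolver on loopback (tcp side only; udp 53 is allowed in the udp loop)`. The loopback `INPUT -i lo` accepts in the second hunk are consistent with dropping the `-i eth0` qualifier from the commented `INPUT -j DROP` template in the third, since they are appended earlier in the chain than that DROP would be.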