  1. #!/bin/bash
  2. #ATTENTION!
  3. #
  4. #DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
  5. #SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
  6.  
set -e

# Forwarding stays off while the rule set is rebuilt; the last line of the
# script switches it back on.
printf '0\n' > /proc/sys/net/ipv4/ip_forward

# Retire the legacy ipchains service and kernel module if either is still
# present. Neither step is expected to succeed on a current kernel, so both
# are best-effort and their output is discarded.
if [ -f /var/lock/subsys/ipchains ]; then
        /etc/init.d/ipchains stop >/dev/null 2>&1 || true
fi
rmmod ipchains >/dev/null 2>&1 || true
  12.  
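#######################################
# Run one iptables/ip6tables command, waiting for a busy xtables lock.
# On iptables >= 1.4.20 the native -w flag does the waiting; older releases
# are retried up to ten times for as long as their stderr reports the lock
# as busy. Any other failure is reported and its exit status returned, so a
# rule that did not apply is never mistaken for success.
# Globals:   none (the version is probed from /sbin/iptables on every call)
# Arguments: $1 - iptables binary to run; remaining arguments are passed
#            through to it verbatim
# Returns:   the command's own exit status, or 1 if the lock stayed busy
#            for all ten attempts
#######################################
apply_rule()
{
        local iptables_bin="$1"
        shift

        # Turn "iptables v1.4.21 (legacy)" into 10421 so that the comparison
        # holds across major/minor boundaries (joining the "$2$3" digits as the
        # old code did read 1.8.7 as "87", i.e. older than 1.4.20).
        local version_str version_num=0
        version_str=$(/sbin/iptables --version 2>/dev/null || true)
        if [[ "$version_str" =~ v([0-9]+)\.([0-9]+)\.([0-9]+) ]]; then
                version_num=$(( 10#${BASH_REMATCH[1]} * 10000 + 10#${BASH_REMATCH[2]} * 100 + 10#${BASH_REMATCH[3]} ))
        fi

        # Use the native --wait option since v1.4.20. stderr is silenced here as
        # in the original; the exit status is still the caller's signal.
        if (( version_num >= 10420 )); then
                "$iptables_bin" -w "$@" 2>/dev/null
                return $?
        fi

        # Emulate --wait for elderly versions: retry only while the failure is
        # the busy lock (its message mentions "xtable"); anything else is a real
        # error and is surfaced to the caller.
        local attempt output status
        for (( attempt = 1; attempt <= 10; attempt++ )); do
                status=0
                output=$("$iptables_bin" "$@" 2>&1) || status=$?
                if [ "$status" -eq 0 ]; then
                        return 0
                fi
                if ! grep -q xtable <<<"$output"; then
                        printf '%s\n' "$output" >&2
                        return "$status"
                fi
                sleep 1
        done

        return 1
}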
  34.  
  35. /sbin/iptables-save  -t filter | grep -- "-A INPUT" |  grep -v "fail2ban-\|f2b-" | sed -e "s#^-A#apply_rule /sbin/iptables -D#g" | xargs -0 echo -e "`declare -f apply_rule`\n" | /bin/bash
  36.  
  37. apply_rule /sbin/iptables -F FORWARD
  38. apply_rule /sbin/iptables -F OUTPUT
  39. apply_rule /sbin/iptables -Z FORWARD
  40. apply_rule /sbin/iptables -Z OUTPUT
  41.  
  42. apply_rule /sbin/iptables -P INPUT DROP
  43. apply_rule /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  44. apply_rule /sbin/iptables -A INPUT -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  45. apply_rule /sbin/iptables -A INPUT -m state --state INVALID -j DROP
  46. apply_rule /sbin/iptables -P OUTPUT DROP
  47. apply_rule /sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  48. apply_rule /sbin/iptables -A OUTPUT -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  49. apply_rule /sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
  50. apply_rule /sbin/iptables -P FORWARD DROP
  51. apply_rule /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  52. apply_rule /sbin/iptables -A FORWARD -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  53. apply_rule /sbin/iptables -A FORWARD -m state --state INVALID -j DROP
  54.  
  55. apply_rule /sbin/iptables -A INPUT -i lo  -j ACCEPT
  56. apply_rule /sbin/iptables -A OUTPUT -o lo -j ACCEPT
  57. apply_rule /sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
  58.  
  59. apply_rule /sbin/iptables -t mangle -F
  60. apply_rule /sbin/iptables -t mangle -Z
  61. apply_rule /sbin/iptables -t mangle -P PREROUTING ACCEPT
  62. apply_rule /sbin/iptables -t mangle -P OUTPUT ACCEPT
  63. apply_rule /sbin/iptables -t mangle -P INPUT ACCEPT
  64. apply_rule /sbin/iptables -t mangle -P FORWARD ACCEPT
  65. apply_rule /sbin/iptables -t mangle -P POSTROUTING ACCEPT
  66.  
  67. /sbin/ip6tables-save  -t filter | grep -- "-A INPUT" |  grep -v "fail2ban-\|f2b-" | sed -e "s#^-A#apply_rule /sbin/ip6tables -D#g" | xargs -0 echo -e "`declare -f apply_rule`\n" | /bin/bash
  68.  
  69. apply_rule /sbin/ip6tables -F FORWARD
  70. apply_rule /sbin/ip6tables -F OUTPUT
  71. apply_rule /sbin/ip6tables -Z FORWARD
  72. apply_rule /sbin/ip6tables -Z OUTPUT
  73.  
  74. apply_rule /sbin/ip6tables -P INPUT DROP
  75. apply_rule /sbin/ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  76. apply_rule /sbin/ip6tables -A INPUT -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  77. apply_rule /sbin/ip6tables -A INPUT -m state --state INVALID -j DROP
  78. apply_rule /sbin/ip6tables -P OUTPUT DROP
  79. apply_rule /sbin/ip6tables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  80. apply_rule /sbin/ip6tables -A OUTPUT -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  81. apply_rule /sbin/ip6tables -A OUTPUT -m state --state INVALID -j DROP
  82. apply_rule /sbin/ip6tables -P FORWARD DROP
  83. apply_rule /sbin/ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  84. apply_rule /sbin/ip6tables -A FORWARD -p tcp ! --syn  -m state --state NEW -j REJECT --reject-with tcp-reset
  85. apply_rule /sbin/ip6tables -A FORWARD -m state --state INVALID -j DROP
  86.  
  87. apply_rule /sbin/ip6tables -A INPUT -i lo  -j ACCEPT
  88. apply_rule /sbin/ip6tables -A OUTPUT -o lo -j ACCEPT
  89. apply_rule /sbin/ip6tables -A FORWARD -i lo -o lo -j ACCEPT
  90.  
  91. apply_rule /sbin/ip6tables -t mangle -F
  92. apply_rule /sbin/ip6tables -t mangle -Z
  93. apply_rule /sbin/ip6tables -t mangle -P PREROUTING ACCEPT
  94. apply_rule /sbin/ip6tables -t mangle -P OUTPUT ACCEPT
  95. apply_rule /sbin/ip6tables -t mangle -P INPUT ACCEPT
  96. apply_rule /sbin/ip6tables -t mangle -P FORWARD ACCEPT
  97. apply_rule /sbin/ip6tables -t mangle -P POSTROUTING ACCEPT
  98.  
  99.  
  100. apply_rule /sbin/iptables -t nat -F
  101. apply_rule /sbin/iptables -t nat -Z
  102. apply_rule /sbin/iptables -t nat -P PREROUTING ACCEPT
  103. apply_rule /sbin/iptables -t nat -P OUTPUT ACCEPT
  104. apply_rule /sbin/iptables -t nat -P POSTROUTING ACCEPT
  105.  
  106. apply_rule /sbin/iptables -A INPUT -p tcp --dport 49152:65535 -j DROP
  107. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 49152:65535 -j DROP
  108.  
  109. apply_rule /sbin/iptables -A INPUT -p tcp --dport 12443 -j DROP
  110. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 12443 -j DROP
  111.  
  112. apply_rule /sbin/iptables -A INPUT -p tcp --dport 11443 -j DROP
  113. apply_rule /sbin/iptables -A INPUT -p tcp --dport 11444 -j DROP
  114. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 11443 -j DROP
  115. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 11444 -j DROP
  116.  
  117. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8447 -s 5.158.190.102 -j ACCEPT
  118. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8447 -s 81.26.171.194 -j ACCEPT
  119. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8447 -j DROP
  120. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8447 -s ::ffff:5.158.190.102 -j ACCEPT
  121. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8447 -s ::ffff:81.26.171.194 -j ACCEPT
  122. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8447 -j DROP
  123.  
  124. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8443 -s 5.158.190.102 -j ACCEPT
  125. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8443 -s 81.26.171.194 -j ACCEPT
  126. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8443 -j DROP
  127. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8880 -s 5.158.190.102 -j ACCEPT
  128. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8880 -s 81.26.171.194 -j ACCEPT
  129. apply_rule /sbin/iptables -A INPUT -p tcp --dport 8880 -j DROP
  130. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8443 -s ::ffff:5.158.190.102 -j ACCEPT
  131. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8443 -s ::ffff:81.26.171.194 -j ACCEPT
  132. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8443 -j DROP
  133. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8880 -s ::ffff:5.158.190.102 -j ACCEPT
  134. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8880 -s ::ffff:81.26.171.194 -j ACCEPT
  135. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 8880 -j DROP
  136.  
  137. apply_rule /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  138. apply_rule /sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
  139. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
  140. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
  141.  
  142. apply_rule /sbin/iptables -A INPUT -p tcp --dport 21 -j DROP
  143. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 21 -j DROP
  144.  
  145. apply_rule /sbin/iptables -A INPUT -p tcp --dport 22 -s 5.158.190.102 -j ACCEPT
  146. apply_rule /sbin/iptables -A INPUT -p tcp --dport 22 -s 81.26.171.194 -j ACCEPT
  147. apply_rule /sbin/iptables -A INPUT -p tcp --dport 22 -j DROP
  148. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -s ::ffff:5.158.190.102 -j ACCEPT
  149. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -s ::ffff:81.26.171.194 -j ACCEPT
  150. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -j DROP
  151.  
  152. apply_rule /sbin/iptables -A INPUT -p tcp --dport 587 -j DROP
  153. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 587 -j DROP
  154.  
  155. apply_rule /sbin/iptables -A INPUT -p tcp --dport 25 -j DROP
  156. apply_rule /sbin/iptables -A INPUT -p tcp --dport 465 -j DROP
  157. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 25 -j DROP
  158. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 465 -j DROP
  159.  
  160. apply_rule /sbin/iptables -A INPUT -p tcp --dport 110 -j DROP
  161. apply_rule /sbin/iptables -A INPUT -p tcp --dport 995 -j DROP
  162. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 110 -j DROP
  163. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 995 -j DROP
  164.  
  165. apply_rule /sbin/iptables -A INPUT -p tcp --dport 143 -j DROP
  166. apply_rule /sbin/iptables -A INPUT -p tcp --dport 993 -j DROP
  167. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 143 -j DROP
  168. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 993 -j DROP
  169.  
  170. apply_rule /sbin/iptables -A INPUT -p tcp --dport 106 -j DROP
  171. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 106 -j DROP
  172.  
  173. apply_rule /sbin/iptables -A INPUT -p tcp --dport 3306 -s 5.158.190.102 -j ACCEPT
  174. apply_rule /sbin/iptables -A INPUT -p tcp --dport 3306 -s 81.26.171.194 -j ACCEPT
  175. apply_rule /sbin/iptables -A INPUT -p tcp --dport 3306 -j DROP
  176. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 3306 -s ::ffff:5.158.190.102 -j ACCEPT
  177. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 3306 -s ::ffff:81.26.171.194 -j ACCEPT
  178. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 3306 -j DROP
  179.  
  180. apply_rule /sbin/iptables -A INPUT -p tcp --dport 5432 -j DROP
  181. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 5432 -j DROP
  182.  
  183. apply_rule /sbin/iptables -A INPUT -p udp --dport 137 -j DROP
  184. apply_rule /sbin/iptables -A INPUT -p udp --dport 138 -j DROP
  185. apply_rule /sbin/iptables -A INPUT -p tcp --dport 139 -j DROP
  186. apply_rule /sbin/iptables -A INPUT -p tcp --dport 445 -j DROP
  187. apply_rule /sbin/ip6tables -A INPUT -p udp --dport 137 -j DROP
  188. apply_rule /sbin/ip6tables -A INPUT -p udp --dport 138 -j DROP
  189. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 139 -j DROP
  190. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 445 -j DROP
  191.  
  192. apply_rule /sbin/iptables -A INPUT -p udp --dport 1194 -j DROP
  193. apply_rule /sbin/ip6tables -A INPUT -p udp --dport 1194 -j DROP
  194.  
  195. apply_rule /sbin/iptables -A INPUT -p udp --dport 53 -j DROP
  196. apply_rule /sbin/iptables -A INPUT -p tcp --dport 53 -j DROP
  197. apply_rule /sbin/ip6tables -A INPUT -p udp --dport 53 -j DROP
  198. apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 53 -j DROP
  199.  
  200. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 134/0 -j ACCEPT
  201. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 135/0 -j ACCEPT
  202. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 136/0 -j ACCEPT
  203. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 137/0 -j ACCEPT
  204.  
  205. apply_rule /sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j DROP
  206. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 128/0 -j DROP
  207. apply_rule /sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 129/0 -j DROP
  208.  
  209. apply_rule /sbin/iptables -A INPUT -j DROP
  210. apply_rule /sbin/ip6tables -A INPUT -j DROP
  211.  
  212. apply_rule /sbin/iptables -A OUTPUT -j ACCEPT
  213. apply_rule /sbin/ip6tables -A OUTPUT -j ACCEPT
  214.  
  215. apply_rule /sbin/iptables -A FORWARD -j DROP
  216. apply_rule /sbin/ip6tables -A FORWARD -j DROP
  217.  
  218. echo 1 > /proc/sys/net/ipv4/ip_forward
  219. #
  220. # End of script
  221. #
  222.