
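# Flush any pre-existing rules (filter table only; user-defined chains are
# not removed here).
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# Set the default input policy to DROP all.
# NOTE: the original line was "iptables -D INPUT DROP", which is a (failing)
# rule *deletion*, not a policy change; the INPUT chain kept whatever policy
# it had before, so the allow-list below was never actually enforced.
# "-P" is the option that sets a chain policy.
iptables -P INPUT DROP
# By default allow all traffic out
iptables -P OUTPUT ACCEPT
# Disallow forwarding
iptables -P FORWARD DROP

# Allow preexisting connections. This should be at the start of the rule set
# (INPUT was just flushed, so this first -A lands at position 1).
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow SMTP On 10.99.99.10
iptables -A INPUT -p tcp -d 10.99.99.10 --dport 25 -j ACCEPT
# Allow DNS On 10.99.99.10
iptables -A INPUT -p udp -d 10.99.99.10 --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -d 10.99.99.10 --dport 53 -j ACCEPT
# Allow TCP 7071 On 10.99.99.10
# NOTE(review): the original comment here said "HTTP and HTTPS", but no port
# 80 rule follows and 443 is opened further down -- confirm the intent.
iptables -A INPUT -p tcp -d 10.99.99.10 --dport 7071 -j ACCEPT
# Allow SSH to 192.168.97.92 from any source (no -s restriction; compare the
# source-restricted variant that is commented out below).
iptables -A INPUT -p tcp -d 192.168.97.92 --dport 22 -j ACCEPT
# Allow POP3 On 10.99.99.10
iptables -A INPUT -p tcp -d 10.99.99.10 --dport 110 -j ACCEPT
# Allow HTTPS (443), POP3S (995), IMAPS (993) and SMTPS (465) On 10.99.99.10
iptables -A INPUT -p tcp -d 10.99.99.10 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -d 10.99.99.10 --dport 995 -j ACCEPT
iptables -A INPUT -p tcp -d 10.99.99.10 --dport 993 -j ACCEPT
iptables -A INPUT -p tcp -d 10.99.99.10 --dport 465 -j ACCEPT
# Allow SSH from 192.168.97.0/32 On 10.99.99.10
# NOTE(review): /32 matches only the single address 192.168.97.0; if the whole
# subnet was meant, /24 is the usual mask -- confirm before enabling this rule.
#iptables -A INPUT -p tcp -s 192.168.97.0/32 -d 10.99.99.10 --dport 22 -j ACCEPT
# Allow traffic over lo
iptables -A INPUT -i lo -j ACCEPT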

========
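#iptables rules are:
# Inbound traffic from SMTP servers in 192.168.0.0/16 to 10.99.99.10 on em1.
# The original accepted on "--sport 25" alone; a remote host chooses its own
# source port, so that matched arbitrary NEW connections to any local port.
# Tying the accept to connection state limits it to replies of connections
# this host opened (it then overlaps with the ESTABLISHED,RELATED rule
# inserted at the end of this block).
iptables -A INPUT -p tcp --sport 25 -i em1 -s 192.168.0.0/16 -d 10.99.99.10 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -o em1 -s 10.195.0.0/16 -d 10.99.99.10 -j ACCEPT

# Outbound SMTP to 10.99.99.10 on eth1, NEW connections only.
# NOTE(review): the rules above use em1 and these use eth1, and "-s" on an
# OUTPUT rule only matches packets whose source is an address this host
# owns -- confirm interface names and source ranges for the host that
# actually loads these rules.
iptables -A OUTPUT -s 192.168.0.0/16 -d 10.99.99.10/32 -o eth1 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -s 10.195.0.0/16 -d 10.99.99.10/32 -o eth1 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
# Accept established/related traffic ahead of everything else in INPUT.
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT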

==================
# Outbound TCP from this host to the 192.168.97.0/24 network on the service
# ports below, plus SSH to the single host 192.168.97.92.  Rule order is kept
# as in the original: 7071, 22 (to .92), 443, 995, 993, 465.
dst_net=192.168.97.0/24
iptables --append OUTPUT --protocol tcp --destination "$dst_net" --dport 7071 --jump ACCEPT
iptables --append OUTPUT --protocol tcp --destination 192.168.97.92 --dport 22 --jump ACCEPT
for dst_port in 443 995 993 465; do
  iptables --append OUTPUT --protocol tcp --destination "$dst_net" --dport "$dst_port" --jump ACCEPT
done

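## RULE CREATION
# Per-source SMTP connection rate limit: a source that opens more than 50 NEW
# connections to port 25 within 60 seconds is dropped; everything else that
# reaches the chain is accepted.
# Tolerate re-runs: create the chain, or empty it if it already exists
# (the stderr redirect only hides the "chain already exists" message).
iptables -N RATE-LIMIT 2>/dev/null || iptables -F RATE-LIMIT
# --name keeps this tracker separate from other users of the "recent"
# module's DEFAULT list; both the --set and the --update must share it.
iptables -A RATE-LIMIT -p tcp --dport 25 -m state --state NEW -m recent --name SMTP --set
iptables -A RATE-LIMIT -p tcp --dport 25 -m state --state NEW -m recent --name SMTP --update --seconds 60 --hitcount 50 -j DROP
iptables -A RATE-LIMIT -j ACCEPT

# Every "-I INPUT" below inserts at position 1, so the LAST insert ends up on
# top.  The original inserted the RATE-LIMIT jump last, which placed it above
# the internal-network whitelist: since RATE-LIMIT ends in ACCEPT or DROP,
# the two whitelist rules could never match a NEW SMTP connection.
# Inserting the jump first yields the intended final order:
#   1. 10.95.0.0/16   -> ACCEPT
#   2. 192.168.0.0/16 -> ACCEPT
#   3. any other NEW  -> RATE-LIMIT
iptables -I INPUT --match conntrack --ctstate NEW -p tcp --dport 25 --jump RATE-LIMIT
iptables -I INPUT -s 192.168.0.0/16 -p tcp --dport 25 -j ACCEPT
iptables -I INPUT -s 10.95.0.0/16 -p tcp --dport 25 -j ACCEPT
# NOTE(review): 10.95.0.0/16 here vs 10.195.0.0/16 in the OUTPUT rules
# elsewhere in this document -- confirm which range is intended.

# HTTP: accept new packets at up to 25/minute with a burst of 100.  Packets
# over the limit are not dropped here; they fall through to whatever follows
# this rule in INPUT and ultimately to the chain's policy.
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT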