F356
sbin_setup-network
Authored By
dereckson
Nov 29 2014, 08:06
2014-11-29 08:06:56 (UTC+0)
Size
1 KB
Referenced Files
None
Subscribers
None
sbin_setup-network
#!/bin/sh
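# Boot-time network setup for this host: static IPv4 routing, the IPv4 packet
# filter (iptables), a 6in4 tunnel to Hurricane Electric and a GRE peering link.
# Must run as root.
#
# NOTE(review): there is intentionally no `set -e` here. Aborting after
# `-P INPUT DROP` but before the accept rules are loaded would leave the host
# unreachable over SSH; on a re-run the `tunnel add` / `addr add` commands fail
# because the objects already exist, and the script simply carries on.

INTERFACE=ens192
WEB_PORTS=80,443
OPEN_PORTS=22,25,${WEB_PORTS}

IFCONFIG=/sbin/ifconfig
IPTABLES=/sbin/iptables
IP_EXEC=/sbin/ip

# Routing: reach the gateway directly on the uplink, then use it as default route.
"$IP_EXEC" route change 62.210.76.1 dev "$INTERFACE"
"$IP_EXEC" route change default via 62.210.76.1

# Reset the filter table and define default policies.
"$IPTABLES" -F
"$IPTABLES" -P INPUT DROP
# NOTE(review): FORWARD stays ACCEPT, so anything this host routes (including
# traffic over the tunnels below) is unfiltered. Confirm that is intended.
"$IPTABLES" -P FORWARD ACCEPT
"$IPTABLES" -P OUTPUT ACCEPT

# Return traffic for connections that are already tracked. This one rule covers
# replies to the host's own outbound TCP and DNS lookups, and lets the rules
# below match only the first packet (state NEW) of each inbound connection.
"$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Crude DDoS mitigation for HTTP/HTTPS: each source address may open a burst of
# 100 new connections, then 25 per minute; anything above that is dropped.
# These rules must come before the general OPEN_PORTS accept, which also lists
# the web ports: placed after it, the limit is never evaluated. The limit is
# per source (hashlimit) rather than global, because a global bucket lets a
# small flood from one address use up the allowance of every other client.
# The figures are the original ones; tune them to the real traffic profile.
"$IPTABLES" -A INPUT -p tcp -m multiport --dports "$WEB_PORTS" \
  -m state --state NEW \
  -m hashlimit --hashlimit-name web --hashlimit-mode srcip \
  --hashlimit-upto 25/minute --hashlimit-burst 100 \
  -j ACCEPT
"$IPTABLES" -A INPUT -p tcp -m multiport --dports "$WEB_PORTS" \
  -m state --state NEW -j DROP

# Allows SSH and SMTP. New HTTP/HTTPS connections were already decided above;
# the rule used to be appended twice, once is enough.
"$IPTABLES" -A INPUT -p tcp -m multiport --dports "$OPEN_PORTS" \
  -m state --state NEW -j ACCEPT

# Allows ping. The OUTPUT rule is redundant while the OUTPUT policy is ACCEPT;
# it is kept so that tightening the policy later does not break echo replies.
"$IPTABLES" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
"$IPTABLES" -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

# Allows loopback.
"$IPTABLES" -A INPUT -i lo -j ACCEPT
#$IPTABLES -A OUTPUT -o lo -j ACCEPT

# DNS: replies to our own queries are accepted by the ESTABLISHED,RELATED rule.
# The former `-p udp --sport 53 -j ACCEPT` rule is gone on purpose: the source
# port is chosen by the sender, so that rule admitted UDP to every local port
# from anyone who sent from port 53.
#$IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT

# Hurricane Electric tunnel.
# Accept 6in4 (IP protocol 41) only from the tunnel's remote endpoint.
"$IPTABLES" -A INPUT -p 41 -s 216.66.84.42 -j ACCEPT
"$IP_EXEC" tunnel add he-ipv6 mode sit remote 216.66.84.42 local 212.129.32.223 ttl 255
"$IP_EXEC" link set he-ipv6 up
"$IP_EXEC" addr add 2001:470:1f12:ce7::2/64 dev he-ipv6
"$IP_EXEC" addr add 2001:470:1f13:ce7:ca5:cade:fab:1e/64 dev he-ipv6
"$IP_EXEC" route change ::/0 dev he-ipv6
# NOTE(review): every filter rule in this script is IPv4 (iptables). Packets
# that arrive inside the tunnel are IPv6 and are filtered by ip6tables, which
# this script never configures. Confirm an IPv6 ruleset is loaded elsewhere;
# without one, every service listening on IPv6 is reachable through he-ipv6.

# Drake peering with Ysul.
# NOTE(review): no INPUT rule names GRE (IP protocol 47) from 212.83.187.132,
# and traffic decapsulated on tun0 is subject to the INPUT rules above like any
# other. Confirm the peering passes the traffic it is meant to carry.
"$IP_EXEC" tunnel add tun0 mode gre remote 212.83.187.132 local 212.129.32.223
"$IFCONFIG" tun0 172.27.26.49
"$IFCONFIG" tun0 up
"$IFCONFIG" tun0 pointopoint 172.27.26.33
"$IFCONFIG" tun0 multicast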
File Metadata
Details
Attached
Mime Type
text/plain; charset=utf-8
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
e6/17/8375d51d65049d91984be5603ed9
Default Alt Text
sbin_setup-network (1 KB)
Attached To
Mode
P21 /sbin/setup-network
Attached