#!/bin/sh
# Uplink interface used for the on-link gateway route.
INTERFACE='ens192'

# TCP ports serving web traffic; reused in the combined list below.
WEB_PORTS='80,443'
# Every TCP port opened to the outside: SSH (22), SMTP (25), then the web ports.
OPEN_PORTS="22,25,${WEB_PORTS}"

# The tools are always invoked through these absolute paths.
IFCONFIG='/sbin/ifconfig'
IPTABLES='/sbin/iptables'
IP_EXEC='/sbin/ip'
# Routing: bind the route to the gateway 62.210.76.1 to the uplink interface,
# then send the IPv4 default route through that gateway.
# NOTE(review): `route change` modifies an existing route, so both routes are
# presumably present before this runs. Nothing here checks the exit status;
# confirm a failure is acceptable to ignore.
"${IP_EXEC}" route change 62.210.76.1 dev "${INTERFACE}"
"${IP_EXEC}" route change default via 62.210.76.1
# Reset the rules and define the default policies.
# -F without -t flushes only the chains of the filter table; rules in other
# tables are left as they were.
"${IPTABLES}" -F
# Inbound is default-deny: only packets matched by an ACCEPT rule appended
# after this point get in.
"${IPTABLES}" -P INPUT DROP
# NOTE(review): FORWARD defaults to ACCEPT. If IP forwarding is enabled on
# this host (not visible in this script), routed traffic, including traffic
# arriving over the tunnels, passes unfiltered. Consider DROP plus explicit
# FORWARD rules.
"${IPTABLES}" -P FORWARD ACCEPT
"${IPTABLES}" -P OUTPUT ACCEPT
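# Allows SSH, HTTP, HTTPS, SMTP: accept new and established TCP connections
# to the ports listed in OPEN_PORTS.
# This rule used to be appended twice with identical matches; the second copy
# could never match a packet the first had not already accepted, so it is
# appended once.
# NOTE(review): this is the only stateful TCP accept in the script. No rule
# visible here accepts ESTABLISHED/RELATED replies to connections this host
# opens itself (replies arrive on local ephemeral ports, not on OPEN_PORTS),
# so with INPUT DROP they appear to be dropped. Confirm that is intended.
"${IPTABLES}" -A INPUT -p tcp -m multiport --dports "${OPEN_PORTS}" \
  -m state --state NEW,ESTABLISHED -j ACCEPT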
# Crude DDoS mitigation for the web ports. The limit match lets an initial
# burst of 100 packets through and then refills at 25 per minute. It counts
# matching packets, not connections, because no state match is attached.
# NOTE(review): the OPEN_PORTS rule appended before this one already accepts
# NEW and ESTABLISHED packets to the same ports, so only packets in other
# conntrack states reach this rule; as written it does not throttle web
# traffic. Making it effective means placing a NEW-only limit ahead of the
# general accept. 25/minute is low for a web server, so size it first.
"${IPTABLES}" -A INPUT -p tcp -m multiport --dports "${WEB_PORTS}" \
  -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
# Allows ping: accept inbound ICMP echo requests.
"${IPTABLES}" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# The OUTPUT policy set earlier in this script is already ACCEPT, so this
# reply rule only matters if that policy is tightened later.
"${IPTABLES}" -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
# Allows loopback: accept everything that arrives on the lo interface.
"${IPTABLES}" -A INPUT -i lo -j ACCEPT
# Kept disabled: outbound loopback is already covered by the ACCEPT policy
# on OUTPUT.
#$IPTABLES -A OUTPUT -o lo -j ACCEPT
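# Allows DNS replies.
#$IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT
# The previous rule accepted any UDP datagram whose source port was 53.
# The source port is chosen by the sender, so that rule exposed every local
# UDP service to anyone setting it. The state match restricts the accept to
# datagrams that conntrack ties to a query this host sent. Outbound queries
# leave under the ACCEPT policy on OUTPUT and are tracked because the state
# match is in use.
"${IPTABLES}" -A INPUT -p udp --sport 53 \
  -m state --state ESTABLISHED -j ACCEPT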
# Hurricane Electric tunnel (IPv6 carried in IPv4, IP protocol 41).
# NOTE(review): protocol 41 is accepted from any source address, while the
# tunnel below has a single remote endpoint (216.66.84.42). Adding
# `-s 216.66.84.42` to this rule would keep the filter in line with the
# tunnel definition.
"${IPTABLES}" -A INPUT -p 41 -j ACCEPT

# Create the sit tunnel between this host (212.129.32.223) and the tunnel
# server, then bring it up.
"${IP_EXEC}" tunnel add he-ipv6 mode sit \
  remote 216.66.84.42 local 212.129.32.223 ttl 255
"${IP_EXEC}" link set he-ipv6 up

# Assign the IPv6 addresses and route all IPv6 traffic through the tunnel.
"${IP_EXEC}" addr add 2001:470:1f12:ce7::2/64 dev he-ipv6
"${IP_EXEC}" addr add 2001:470:1f13:ce7:ca5:cade:fab:1e/64 dev he-ipv6
"${IP_EXEC}" route change ::/0 dev he-ipv6
# NOTE(review): every filter rule in this script goes through iptables, which
# covers IPv4 only. Nothing visible here filters IPv6, so services reachable
# on the addresses above are not protected by the INPUT DROP policy unless
# ip6tables rules are loaded elsewhere. Confirm.
# NOTE(review): `tunnel add` and `addr add` fail when the tunnel or address
# already exists, and exit statuses are not checked, so a re-run continues
# past those errors.
# Drake peering with Ysul: GRE tunnel from this host (212.129.32.223) to
# 212.83.187.132.
# NOTE(review): no key or encryption is configured on the tunnel here, so
# whatever crosses it is carried in clear unless protected at another layer.
# NOTE(review): no INPUT rule in this script accepts GRE (IP protocol 47),
# unlike the explicit `-p 41` accept for the IPv6 tunnel. With INPUT DROP,
# inbound tunnel packets appear to be dropped. Confirm, and if a rule is
# added, restrict it to the remote endpoint.
"${IP_EXEC}" tunnel add tun0 mode gre \
  remote 212.83.187.132 local 212.129.32.223

# Address the local end, bring the interface up, set the point-to-point peer
# address and enable multicast on the tunnel interface.
"${IFCONFIG}" tun0 172.27.26.49
"${IFCONFIG}" tun0 up
"${IFCONFIG}" tun0 pointopoint 172.27.26.33
"${IFCONFIG}" tun0 multicast