Như tên gọi, script này giúp setup nhanh IpTables Rules cơ bản dùng cho các dự án Web/API
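Thay vì phải mở và chạy từng lệnh, chỉ cần chạy 1 script này là đủ. Lưu ý: script xóa toàn bộ rules iptables hiện có, và các IP nguồn được phép vào cổng 3306, 2842, 8421 được gán cứng trong script; hãy tải script về, đọc và sửa cho phù hợp với server của bạn trước khi chạy.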
Quick Command
curl -sSL https://go.nguyenanhung.com/iptables-rules | bash
iptables-rules.sh
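#!/bin/bash
########################################################################
# HungNG Manage Server Script Configure
#
# Resets the IPv4 iptables rule set and loads a baseline for a Web/API
# host, then persists it in the distribution's usual location.
#
# What the script does, in order:
#   1. Flushes the filter, nat and mangle tables and deletes user-defined
#      chains in the filter table. Rules installed by other software
#      (container runtimes, ban tools, ...) are removed as well.
#   2. Sets chain policies (INPUT/OUTPUT ACCEPT, FORWARD DROP).
#   3. Allows TCP 3306, 2842 and 8421 only from the allowlisted sources.
#   4. Allows TCP 587, 465, 443, 25 and 80 from anywhere.
#   5. Allows established traffic, ICMP and loopback, rejects the rest.
#   6. Saves the result (Debian/Ubuntu or RHEL/CentOS).
#
# Things to check before running it on a host:
#   - Only iptables (IPv4) is configured. ip6tables is never touched, so
#     IPv6 traffic is not filtered by anything this script loads.
#   - No rule accepts TCP 22. NOTE(review): confirm which port the SSH
#     daemon listens on before running this over a remote session; an
#     existing session only survives through the RELATED,ESTABLISHED rule.
#   - The default allowlist and interface below are the values published
#     with the script. Override them for your own environment.
#
# Environment overrides (both optional):
#   INPUT_IFACE           interface the allowlist rules bind to (eth0)
#   TRUSTED_IPV4_SOURCES  whitespace-separated source addresses
########################################################################
DEVELOP_BY="Hung Nguyen - [email protected]"
SCRIPT_VERSION="1.7.1"

# Bash variables
export NC='\033[0m'
export GREEN='\033[0;32m'
export YELLOW='\033[0;33m'
export CYAN='\033[0;36m'

# Interface used by the allowlist rules. A rule bound to an interface that
# does not exist never matches, so on hosts with predictable interface
# names (ens3, enp0s3, ...) the default must be overridden.
INPUT_IFACE="${INPUT_IFACE:-eth0}"

# Sources allowed to reach the restricted ports. Every address listed here
# gains access to TCP 3306, 2842 and 8421, so the list must contain only
# hosts you control.
TRUSTED_IPV4_SOURCES="${TRUSTED_IPV4_SOURCES:-172.104.35.45 123.16.131.208}"

echo "======================================================="
echo
echo " _ _ _ _ _____ "
echo " | | | | | \ | | / ____|"
echo " | |__| | _ _ _ __ __ _ | \| | | | __ "
echo " | __ | | | | | | '_ \ / _\` | | . \` | | | |_ |"
echo " | | | | | |_| | | | | | | (_| | | |\ | | |__| |"
echo " |_| |_| \__,_| |_| |_| \__, | |_| \_| \_____|"
echo " __/ | "
echo " |___/ "
echo
echo -e "${YELLOW}Powered by ${DEVELOP_BY}${NC}"
echo -e "${YELLOW}Script version ${SCRIPT_VERSION}${NC}"
echo
echo -e "${YELLOW}Script setup iptables rules mac dinh cho server ca nhan${NC}"
echo
echo "======================================================="
echo

# Run a command with root privileges: directly when already root (so the
# script also works on hosts without sudo installed), through sudo otherwise.
as_root() {
  if [[ "$EUID" -eq 0 ]]; then
    "$@"
  else
    sudo "$@"
  fi
}

# Remove every existing rule: flush filter, nat and mangle, then delete the
# user-defined chains of the filter table.
cleanup_iptables_rules() {
  as_root iptables -F
  as_root iptables -t nat -F
  as_root iptables -t mangle -F
  as_root iptables -X
}

# Set the default policy of the built-in chains.
# A chain policy can only be ACCEPT or DROP; iptables refuses REJECT as a
# policy, which left FORWARD at whatever policy it had before. DROP is used
# instead, and the explicit REJECT rule appended to FORWARD in
# setup_iptables_other_rules still answers forwarded packets.
# INPUT stays ACCEPT: filtering of inbound traffic depends entirely on the
# final REJECT rule, so anything that flushes INPUT later leaves the host open.
setup_iptables_default_rules() {
  as_root iptables -P INPUT ACCEPT
  as_root iptables -P FORWARD DROP
  as_root iptables -P OUTPUT ACCEPT
}

# Chain INPUT
# Allow one IPv4 source to reach the restricted TCP ports on INPUT_IFACE.
# Arguments: $1 - source IPv4 address (or CIDR) to allow
# Returns:   1 when no address is given
setup_iptables_chain_input_rules_for_ipv4() {
  local ip_address="${1:-}"
  local port

  if [[ -z "$ip_address" ]]; then
    echo "Error: IP address is required as the first argument." >&2
    return 1
  fi

  echo -e "ACCEPT Input TCP to ${YELLOW}${INPUT_IFACE}${NC} from IPv4: ${GREEN}$ip_address${NC} for list port: 3306, 2842, 8421"

  # -I puts each rule at the top of INPUT, ahead of the catch-all REJECT.
  for port in 3306 2842 8421; do
    as_root iptables -I INPUT -i "$INPUT_IFACE" -s "$ip_address" -p tcp --destination-port "$port" -j ACCEPT
  done
}

# Ports open to any source: mail submission/SMTP and HTTP(S).
setup_iptables_public_rules() {
  local port

  echo -e "ACCEPT Input TCP for list port: ${GREEN}587, 465, 25, 80 (HTTP), 443 (HTTPS)${NC}"
  for port in 587 465 443 25 80; do
    as_root iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
  done
}

# Connection-state, ICMP and loopback accepts, then the catch-all rejects.
setup_iptables_other_rules() {
  # Connection states. "-m state" is the legacy match; "-m conntrack
  # --ctstate" is its current equivalent.
  echo "Setup Rules: INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
  as_root iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

  # ICMP
  echo "Setup Rules: INPUT -p icmp -j ACCEPT"
  as_root iptables -A INPUT -p icmp -j ACCEPT

  # Loopback
  echo "Setup Rules: INPUT -i lo -j ACCEPT"
  as_root iptables -A INPUT -i lo -j ACCEPT

  # Reject everything that no earlier rule accepted. This must stay the
  # last rule of INPUT.
  echo "Setup Rules: INPUT -j REJECT --reject-with icmp-host-prohibited"
  as_root iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

  # Chain FORWARD
  echo "Setup Rules: FORWARD -j REJECT --reject-with icmp-host-prohibited"
  as_root iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited

  # Chain OUTPUT
  # The default policy is ACCEPT, no extra rule is needed.
}

# Write the running rule set to /etc/iptables/rules.v4.
# The dump is captured first so that a failing iptables-save can never
# truncate an existing rules file, and the write itself goes through
# as_root (a plain ">" redirection would be opened by the calling user).
# The file is only restored at boot when a loader such as the
# iptables-persistent package is installed.
# Returns: 0 when the file was written, non-zero otherwise
persist_rules_debian() {
  local rules_dump

  rules_dump=$(as_root iptables-save) || return 1
  [[ -n "$rules_dump" ]] || return 1
  as_root mkdir -p /etc/iptables || return 1
  printf '%s\n' "$rules_dump" | as_root tee /etc/iptables/rules.v4 >/dev/null
}

echo "======================================================="
cleanup_iptables_rules
setup_iptables_default_rules

# Split the allowlist on whitespace without subjecting it to globbing.
read -r -a trusted_ipv4_sources <<<"$TRUSTED_IPV4_SOURCES"
for trusted_ip in "${trusted_ipv4_sources[@]}"; do
  setup_iptables_chain_input_rules_for_ipv4 "$trusted_ip"
done

setup_iptables_public_rules
setup_iptables_other_rules
echo
echo "======================================================="
echo

# Save the iptables configuration (the command differs per distribution).
# Detect the operating system first.
if [[ -f /etc/debian_version ]]; then
  # Debian/Ubuntu
  echo -e "Setup for ${GREEN}Debian/Ubuntu${NC}"
  if persist_rules_debian; then
    echo -e "${CYAN}The iptables configuration has been saved at /etc/iptables/rules.v4.${NC}"
  else
    echo "Error: could not save the iptables configuration to /etc/iptables/rules.v4." >&2
  fi
elif [[ -f /etc/redhat-release ]]; then
  # RHEL/CentOS
  echo -e "Setup for ${GREEN}RHEL/CentOS${NC}"
  save_status=0
  as_root service iptables save || save_status=$?
  as_root iptables -S
  if [[ "$save_status" -eq 0 ]]; then
    echo -e "${CYAN}The iptables configuration has been saved.${NC}"
  else
    echo "Error: 'service iptables save' failed; the rules are active but not persisted." >&2
  fi
else
  echo -e "${CYAN}Unsupported or undetectable operating system.${NC}"
fi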