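#!/bin/sh
#
# Daytime firewall setup for the gateway of the 192.168.17.0/24 LAN.
# This first section declares the per-user MAC addresses and interface
# names used by the rules further down, then flushes the existing tables.
#
######################################################################################
#
# Known client MAC addresses, one variable per user.
#
# NOTE(review): VISAGE, SNACH, METAN71, AZZA32, NADEA5 and ALEX33 are
# commented out here but are still referenced by `--mac-source` rules later
# in the script. With the variable empty, iptables receives the next option
# as the MAC argument and presumably rejects the rule, so those hosts end up
# without an ACCEPT rule. Either restore the address or remove the rule.
#
# NOTE(review): a source MAC (like a source IP) is chosen by the sender on a
# shared segment, so the MAC+IP pairs below identify hosts for bookkeeping;
# they do not authenticate them.
#
#VISAGE='00:12:F0:75:55:6F'
#SNACH='00:0D:87:A0:D4:AE'
PASHA='00:04:61:58:F3:87'
KIRA='00:13:46:65:73:47'
KIRA1='00:13:8F:60:42:5D'
LENA73='00:0B:6A:96:28:A5'
VLADIMIR33='00:E0:4C:77:19:DE'
CORNELII73='00:05:1C:1C:2F:63'
LILIANA31='00:0B:6A:80:90:AD'
CHERVEAK72='00:05:1C:1C:4F:3C'
NATASHA33='00:0F:EA:A4:60:B8'
BALU92='00:0B:6A:C5:62:03'
#METAN71='00:40:F4:87:46:27'
DIMA33='00:05:1C:1F:CF:A5'
KUBA31='00:12:3F:5E:45:B5'
#AZZA32='10:00:E6:78:05:00'
OTILIA33='00:13:8F:0E:3A:9C'
WIZARD73='00:0E:2E:2A:4E:F5'
DENIS73='00:14:2A:78:FB:2C'
#NADEA5='00:0B:6A:7F:2E:F5'
LENA31='00:19:DB:6B:BD:5B'
DIMA73='00:14:2A:B7:6D:EC'
#IURA32=''
#ALEX33='00:1C:25:36:64:11'
BORIS71='00:11:D8:5C:87:94'
GHENA73='00:11:2F:B5:1E:01'
TANEA72='00:1E:8C:99:E0:FE'
#
######################################################################################

echo "Starting DAY's firewalling... "
echo " "

# Interfaces: the rules below filter LAN clients with `-i $LO_INT` and apply
# DNAT to traffic arriving on $SK_INT.
SK_INT='eth0'
LO_INT='eth1'
#TMG_INT='eth2'
#LO_INT='ra0'
#TMG_INT='eth3'
#MDEX_INT='eth2'
# NOTE(review): LOCALNET is declared but the rules spell out
# 192.168.17.0/24 literally instead of using it.
LOCALNET='192.168.17.0/24'
IPTABLES="/usr/sbin/iptables"

# Flush every rule and delete user-defined chains before rebuilding.
# The flush uses $IPTABLES (not whatever `iptables` is first in PATH) so the
# same binary both clears and reloads the rule set.
#
# NOTE(review): nothing in this script sets chain policies (-P). Between
# this flush and the last rule being appended, and for any packet no rule
# matches, the existing chain policy decides. Consider an explicit default
# policy plus an ESTABLISHED,RELATED rule, or loading the whole rule set
# atomically with iptables-restore.
"$IPTABLES" -F
"$IPTABLES" -t mangle -F
"$IPTABLES" -t nat -F
"$IPTABLES" -X
echo "Iptables erased!"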
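############################### SERVERS/ROUTERS ####################
# Filter rules for the gateway itself (INPUT) and for traffic routed from
# the LAN interface ($LO_INT). Relies on $IPTABLES, $SK_INT, $LO_INT and the
# per-user MAC variables being set earlier in the script.

# accept_mac IP MAC
# Append a FORWARD ACCEPT for packets entering on $LO_INT whose source IP and
# source MAC both match. When MAC is empty (its variable is commented out at
# the top of the script) the rule is skipped with a message on stderr instead
# of handing iptables a malformed --mac-source argument.
accept_mac() {
  if [ -z "$2" ]; then
    echo "  skipped $1: no MAC address configured" >&2
    return 1
  fi
  $IPTABLES -A FORWARD -i $LO_INT -s "$1" -m mac --mac-source "$2" -j ACCEPT
}

# accept_ip IP
# Append a FORWARD ACCEPT for packets entering on $LO_INT from IP, with no
# MAC check at all.
accept_ip() {
  $IPTABLES -A FORWARD -i $LO_INT -s "$1" -j ACCEPT
}

#rejecting ichat from internet
#$IPTABLES -I INPUT -i $SK_INT -p tcp --dport 6666 -j REJECT
#$IPTABLES -I INPUT -i $SK_INT -p tcp --sport 6666 -j REJECT
# NOTE(review): 86.106.251.110/25 has host bits set; iptables applies the
# mask, so this matches the whole 86.106.251.0/25 block, not one host.
$IPTABLES -I INPUT -i $SK_INT -s 86.106.251.110/25 -p tcp --dport 6666 -j ACCEPT
#
#$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.4 -j REJECT
$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.6 -j REJECT
#$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.9 -j REJECT
$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.11 -j REJECT
$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.14 -j REJECT
$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.15 -j REJECT
#$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.16 -j REJECT
$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.17 -j REJECT
#$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.24 -j REJECT
$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.33 -j REJECT
#$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.39 -j REJECT
$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.42 -j REJECT
$IPTABLES -I INPUT -p tcp --dport 6666 -s 192.168.17.49 -j REJECT
####################################################################
###
### Access some users to this pc
###
#
#$IPTABLES -A INPUT -s 192.168.17.3 --dport ! 6666 -j REJECT
#$IPTABLES -A INPUT -s 192.168.17.22 -j REJECT
#$IPTABLES -A INPUT -s 192.168.17.11 -j REJECT
#$IPTABLES -A INPUT -s 192.168.17.15 -j REJECT
#$IPTABLES -A INPUT -s 192.168.17.64 -j REJECT
#$IPTABLES -A INPUT -s 192.168.17.37 -j REJECT
#$IPTABLES -A INPUT -s 192.168.17.79 -j REJECT
#$IPTABLES -A INPUT -s 192.168.17.49 -j REJECT
#$IPTABLES -A INPUT -s 192.168.17.64 -j REJECT
#$IPTABLES -A INPUT -s 192.168.17.78 --dport ! 6666 -j REJECT

#smtp rejecting
$IPTABLES -A FORWARD -i $LO_INT -p tcp --dport 25 -s 192.168.17.56 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p tcp --sport 25 -s 192.168.17.56 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p tcp --sport 25 -s 192.168.17.63 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p tcp --dport 25 -s 192.168.17.63 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p udp -s 192.168.17.63 -j REJECT
$IPTABLES -A FORWARD -p tcp -d 192.168.190.0/24 -j REJECT
$IPTABLES -A FORWARD -p tcp -d 192.168.146.0/24 -j REJECT
##icmp due to 17.72 flooding
#$IPTABLES -A FORWARD -i $LO_INT -p icmp -j REJECT
#$IPTABLES -I FORWARD -i $LO_INT -p icmp -j DROP
#pasha
#$IPTABLES -A FORWARD -i $LO_INT -p tcp -m multiport --dport 80,21,443,8080,81,82,83,5190 -s 192.168.17.20 -j ACCEPT
#$IPTABLES -A FORWARD -i $LO_INT -p tcp -s 192.168.17.20 -j REJECT
#$IPTABLES -A FORWARD -i $LO_INT -p tcp -m multiport --dport 80,21,443,8080,81,82,83,5190 -s 192.168.17.20 -j ACCEPT
#
#echo "done dropping input and output to g1 to all except me"
#
#PORTS REJECTING
##Xnet LAN
#
# NOTE(review): this rule and the matching UDP one below each follow a bare
# "#" in the flattened source and are treated as active — confirm.
# NOTE(review): port-number block lists only stop services on their usual
# ports; they are hygiene, not a substitute for a default-deny policy.
$IPTABLES -A FORWARD -i $LO_INT -p tcp --dport 53 -s 78.24.53.25/30 -j ACCEPT
$IPTABLES -A FORWARD -i $LO_INT -p tcp --dport 53 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p tcp -m multiport --dport 135,136,137,138,139,500,1433,1434,1900,1029,445 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p tcp -m multiport --dport 3128,8080 -s 192.168.17.1 -j ACCEPT
$IPTABLES -A FORWARD -i $LO_INT -p tcp -m multiport --dport 8080,3128 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p tcp -m multiport --dport 3127,3198,4297,5000,5599,5800,5801,5900,27374,12348 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p tcp -m multiport --dport 1800,2283,2535,2745,3410,5554,8866,9898,10000,10080 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p tcp -m multiport --dport 12345,17300,27374,65506,6129,3389,4444,31337 -j REJECT
#
$IPTABLES -A FORWARD -i $LO_INT -p udp --dport 53 -s 78.24.53.25/30 -j ACCEPT
$IPTABLES -A FORWARD -i $LO_INT -p udp --dport 53 -s 192.168.17.1 -j ACCEPT
$IPTABLES -A FORWARD -i $LO_INT -p udp --dport 53 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p udp -m multiport --dport 135,136,137,138,139,500,1433,1434,1900,1029,445 -j REJECT
# NOTE(review): `-s ! addr` is the older negation form; newer iptables
# releases expect `! -s addr` — check against the installed version.
$IPTABLES -A FORWARD -i $LO_INT -p udp -m multiport --dport 8080,3128,8000 -s ! 192.168.17.1 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p udp -m multiport --dport 3127,3198,4297,5000,5599,5800,5801,5900,27374,12348 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p udp -m multiport --dport 1800,2283,2535,2745,3410,5554,8866,9898,10000,10080 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p udp -m multiport --dport 12345,17300,27374,65506,6129,3389,4444,31337 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -p udp -m multiport --dport 3382,3380,901,1080,1025 -j REJECT
echo "Done rejecting dangerous ports"

#real ips forwarding from/to xnet lan rejecting
$IPTABLES -A FORWARD -i $LO_INT -s 87.248.174.97/29 -j REJECT
$IPTABLES -A FORWARD -i $LO_INT -d 87.248.174.97/29 -j REJECT
$IPTABLES -A FORWARD -o $SK_INT -d 192.168.17.0/24 -j ACCEPT
# NOTE(review): 192.0.0.0/8 is far wider than the private 192.168.0.0/16
# range and includes public address space — confirm this is intended.
$IPTABLES -A FORWARD -o $SK_INT -d 192.0.0.0/8 -j REJECT
$IPTABLES -A FORWARD -o $SK_INT -d 10.0.0.0/8 -j REJECT
echo "Done rejecting ips forwarding from/to xnet lan rejecting"
#
##P2P
#
#$IPTABLES -I FORWARD -i $LO_INT -p tcp -m multiport --dport 8011,6346,6347,4111,411,2777,6881,4552 -s ! 192.168.17.1 -j REJECT
#$IPTABLES -I FORWARD -i $LO_INT -p tcp -m multiport --dport 4462,4662,4663,4661,4672,4711,5768,6699 -s ! 192.168.17.1 -j REJECT
#$IPTABLES -I FORWARD -i $LO_INT -p udp -m multiport --dport 4462,6346,6347,4111,411,2777,6881,6969 -s ! 192.168.17.1 -j REJECT
#$IPTABLES -I FORWARD -i $LO_INT -p udp -m multiport --dport 4663,4661,4672,4711,5768,6699,1412 -s ! 192.168.17.1 -j REJECT
# 17.1 and 17.20 get ports 1-6200 before the LAN-wide 1025:6400 block below.
# NOTE(review): because these ACCEPTs come first, the tracker REJECT rules
# further down never see 17.1/17.20 traffic to ports 1-6200.
$IPTABLES -A FORWARD -i $LO_INT -p tcp --dport 1:6200 -s 192.168.17.1 -j ACCEPT
$IPTABLES -A FORWARD -i $LO_INT -p udp --dport 1:6200 -s 192.168.17.1 -j ACCEPT
$IPTABLES -A FORWARD -i $LO_INT -p tcp --dport 1:6200 -s 192.168.17.20 -j ACCEPT
$IPTABLES -A FORWARD -i $LO_INT -p udp --dport 1:6200 -s 192.168.17.20 -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 5190 -s 192.168.17.0/24 -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 1025:6400 -s 192.168.17.0/24 -j DROP
$IPTABLES -A FORWARD -p udp --dport 1025:6400 -s 192.168.17.0/24 -j REJECT
$IPTABLES -A FORWARD -p tcp --dport 21 -s 192.168.17.1 -j ACCEPT
#
#$IPTABLES -A INPUT -i $SK_INT -p tcp -j DROP
#$IPTABLES -A INPUT -i $SK_INT -p udp -j DROP
#
#$IPTABLES -A FORWARD -i $SK_INT -s 78.24.53.25/32 -j ACCEPT
#$IPTABLES -A FORWARD -i $SK_INT -s 78.24.0.0/16 -j REJECT
#$IPTABLES -A OUTPUT -o $LO_INT -s 87.248.174.97/29 -j REJECT
#$IPTABLES -A INPUT -i $SK_INT -p icmp -j DROP
#$IPTABLES -A INPUT -i $SK_INT -p tcp -sport !53 -j DROP
#$IPTABLES -A INPUT -i $TMG_INT -p icmp -j DROP
#$IPTABLES -A INPUT -i $LO_INT -p icmp -j DROP
#
echo "done allowing only standart ports for some p2p-downloaders :)"
echo "Done rejecting p2p"
#
#Rejecting torrentsmd.com, p2p.dm, eogli.com
TRACKER_IP='86.124.138.10'
TORRENTS_IP='86.124.138.20'
EOGLI='87.118.120.3'
$IPTABLES -A FORWARD -d $TRACKER_IP -s 192.168.17.1 -j ACCEPT
$IPTABLES -A FORWARD -d $TORRENTS_IP -s 192.168.17.1 -j ACCEPT
$IPTABLES -A FORWARD -d $TORRENTS_IP -s 192.168.17.34 -j ACCEPT
$IPTABLES -A FORWARD -d $TRACKER_IP -s 192.168.17.0/24 -j REJECT
$IPTABLES -A FORWARD -d $TORRENTS_IP -s 192.168.17.0/24 -j REJECT
$IPTABLES -A FORWARD -d $EOGLI -s 192.168.17.1 -j ACCEPT
$IPTABLES -A FORWARD -d $EOGLI -s 192.168.17.63 -j ACCEPT
$IPTABLES -A FORWARD -d $EOGLI -s 192.168.17.0/24 -j REJECT
# NOTE(review): unreachable — the /24 REJECT for $TORRENTS_IP above already
# matches 192.168.17.20. Kept so the rule list is unchanged.
$IPTABLES -A FORWARD -d $TORRENTS_IP -s 192.168.17.20 -j REJECT
echo "Done rejecting tracker for some users"
#
#radmin
$IPTABLES -i $LO_INT -A FORWARD -p tcp --dport 4899 -j REJECT
echo "--- Some Ports Rejected"
#
#rejecting mdex via TMG INTERFACE
#$IPTABLES -A FORWARD -o $TMG_INT -d 1.0.0.0/8 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 192.168.0.0/16 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 10.0.0.0/8 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 11.0.0.0/8 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 87.248.160.0/19 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 217.26.144.0/20 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 80.97.56.0/22 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 81.180.64.0/20 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 82.198.16.0/23 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 83.218.192.0/20 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 83.218.222.0/23 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 83.229.120.0/23 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 83.229.124.0/24 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 86.104.240.0/22 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 86.106.208.0/20 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 86.106.224.0/19 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 87.255.64.0/19 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 193.226.64.0/23 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 194.102.152.0/23 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 195.22.224.0/19 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 195.138.96.0/21 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 195.138.107.0/24 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 195.138.118.0/21 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 195.138.126.0/23 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 212.0.192.0/19 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 212.56.192.0/19 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 217.12.112.0/20 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 217.194.138.0/24 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 217.194.139.0/24 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 195.225.244.0/22 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 195.234.159.0/24 -j REJECT
#$IPTABLES -A FORWARD -o $TMG_INT -d 195.238.242.0/24 -j REJECT
#echo "--Done rejecting MDEX forwarding via $TMG_INT"

# NOTE(review): -I puts this at the top of FORWARD, so 17.84 UDP to ports
# 1-6200 bypasses every port REJECT above; 17.84 has no entry in the
# per-user accept list below.
$IPTABLES -I FORWARD -i $LO_INT -p udp --dport 1:6200 -s 192.168.17.84 -j ACCEPT

#rejecting radio from external
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 192.168.0.0/16 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 1.0.0.0/8 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 2.0.0.0/8 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 5.0.0.0/8 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 10.0.0.0/8 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 11.0.0.0/8 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 12.0.0.0/8 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 217.26.144.0/20 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 87.248.160.0/19 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 195.225.244.0/22 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 80.97.56.0/22 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 193.226.64.0/21 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 81.180.64.0/23 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 81.180.84.0/23 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 193.17.78.0/24 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 212.0.192.0/19 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 217.26.160.0/20 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 83.218.192.0/19 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 194.102.152.0/23 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 195.138.96.0/19 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 217.12.112.0/20 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 212.56.192.0/19 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 195.22.224.0/19 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 193.16.111.0/24 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 86.104.240.0/22 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 82.198.16.0/23 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 193.243.132.0/23 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 194.143.128.0/23 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 217.194.138.0/23 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 195.234.159.0/24 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 195.238.242.0/24 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 86.106.208.0/20 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -d 86.106.224.0/19 -j ACCEPT
#$IPTABLES -A OUTPUT -s 87.248.174.101 -j REJECT

echo " "
echo "Accepting internet users..."
######### PEOPLE
# Per-user FORWARD ACCEPT rules. Most bind source IP to source MAC; hosts
# accepted with accept_ip (17.20, 17.34, 17.1, 17.21, 17.19) are matched on
# source IP alone, so any machine configured with that address gets the same
# access.
#
echo "Kira accepted"
echo "Accepting Visage (17.4)"
accept_mac 192.168.17.4 "$VISAGE"
echo "Accepting Pasha (17.20)"
accept_ip 192.168.17.20
#$IPTABLES -A FORWARD -i $LO_INT -m mac --mac-source $PASHA -s 192.168.17.20 -j ACCEPT
echo "Accepting Snach (17.13)"
accept_mac 192.168.17.13 "$SNACH"
echo "Accepting Lena 7/3 (17.26)"
accept_mac 192.168.17.26 "$LENA73"
echo "Accepting Vladimir 3/3 (17.27)"
accept_mac 192.168.17.27 "$VLADIMIR33"
echo "Accepting Vlad 7/2 (17.34)"
accept_ip 192.168.17.34
echo "Accepting Cornelii 7/3 (17.45)"
accept_mac 192.168.17.45 "$CORNELII73"
echo "Accepting Liliana 3/1 (17.50)"
accept_mac 192.168.17.50 "$LILIANA31"
echo "Accepting Natasha 3/3 (17.54)"
accept_mac 192.168.17.54 "$NATASHA33"
echo "Accepting Cherveak 7/2 (17.7)"
accept_mac 192.168.17.7 "$CHERVEAK72"
echo "Accepting Balu 9/2 (17.55)"
accept_mac 192.168.17.55 "$BALU92"
echo "Accepting Metan 7/1 (17.63)"
accept_mac 192.168.17.63 "$METAN71"
echo "Accepting Dima 3/3 (17.66)"
accept_mac 192.168.17.66 "$DIMA33"
echo "Accepting Kuba 3/1 (17.29)"
accept_mac 192.168.17.29 "$KUBA31"
echo "Accepting Azza 3/2 (17.8)"
accept_mac 192.168.17.8 "$AZZA32"
echo "Accepting Otilia 3/3 (17.72)"
accept_mac 192.168.17.72 "$OTILIA33"
# Kira: one IP, two permitted MAC addresses.
accept_mac 192.168.17.69 "$KIRA"
accept_mac 192.168.17.69 "$KIRA1"
echo "Accepting Wizard 7/3 (17.1, 77)"
accept_mac 192.168.17.77 "$WIZARD73"
accept_ip 192.168.17.1
echo "Accepting Denis 7/3 (17.39)"
accept_mac 192.168.17.39 "$DENIS73"
echo "Accepting Nadea 5 (17.41)"
accept_mac 192.168.17.41 "$NADEA5"
echo "Accepting Lena 3/1 (17.16)"
accept_mac 192.168.17.16 "$LENA31"
echo "Accepting Dima 7/3 (17.42)"
accept_mac 192.168.17.42 "$DIMA73"
echo "Accepting Iura 3/1 (17.21)"
accept_ip 192.168.17.21
echo "Accepting Alexandr 3/3 (17.58)"
accept_mac 192.168.17.58 "$ALEX33"
#$IPTABLES -A FORWARD -i $LO_INT -s 192.168.17.58 -j ACCEPT
echo "Accepting Boris 7/1 (17.36)"
accept_mac 192.168.17.36 "$BORIS71"
echo "Accepting Ghena 7/3 (17.18)"
accept_mac 192.168.17.18 "$GHENA73"
echo "Accepting Tanea 7/2 (17.19)"
accept_ip 192.168.17.19
echo "---Done"

############################################# REJECTing all other ###################################
# Uses $IPTABLES/$LO_INT like the rest of the script rather than the
# hard-coded /usr/sbin/iptables and eth1 (same values).
# NOTE(review): -I places these ahead of every port REJECT above, so 17.34
# is exempt from them for ports 1-6400.
$IPTABLES -I FORWARD -i $LO_INT -p tcp --dport 1:6400 -s 192.168.17.34 -j ACCEPT
$IPTABLES -I FORWARD -i $LO_INT -p udp --dport 1:6400 -s 192.168.17.34 -j ACCEPT
##REJECTing
echo " "
# First part (1-29) of the per-/8 source REJECT list for $LO_INT; the list
# continues below. One rule per /8, same rules as the unrolled original.
octet=1
while [ "$octet" -le 29 ]; do
  $IPTABLES -A FORWARD -i $LO_INT -s "$octet.0.0.0/8" -j REJECT
  octet=$((octet + 1))
done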
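# Continuation (30-254) of the per-/8 source REJECT list for packets entering
# on $LO_INT that no earlier ACCEPT matched. Same rules as the unrolled
# original, minus its duplicate 101.0.0.0/8 and 200.0.0.0/8 entries.
#
# 192.0.0.0/8 is special-cased: sources in it are rejected unless the
# destination is 192.168.17.254.
#
# NOTE(review): sources in 0.0.0.0/8 and 255.0.0.0/8, 192.x sources going to
# 192.168.17.254, and everything arriving on an interface other than $LO_INT
# are not matched by this list and fall through to the FORWARD chain policy,
# which this script never sets. A single trailing catch-all or an explicit
# default policy would state the intent more reliably than 254 rules.
octet=30
while [ "$octet" -le 254 ]; do
  if [ "$octet" -eq 192 ]; then
    $IPTABLES -A FORWARD -i $LO_INT -s 192.0.0.0/8 -d ! 192.168.17.254 -j REJECT
  else
    $IPTABLES -A FORWARD -i $LO_INT -s "$octet.0.0.0/8" -j REJECT
  fi
  octet=$((octet + 1))
done
echo "--- 0/0 addresses forwarding REJECTed!"

# One ip binary for all routing commands below (the original mixed /sbin/ip
# with a PATH lookup of `ip`).
IP=/sbin/ip

### to g1 ADSL modem
# Delete-then-add keeps the policy rule from piling up on re-runs; the
# delete reports an error when the rule does not exist yet.
$IP rule del from 192.168.17.0/24 to 8.0.8.0/24
$IP rule add from 192.168.17.0/24 to 8.0.8.0/24 table ETH0
$IPTABLES -t nat -I POSTROUTING -s 192.168.17.0/24 -d 8.0.8.0/24 -j SNAT --to 8.0.8.15

#My settings (ports and IPs)
# NOTE(review): only 192.168.17.1 is source-NATed for general destinations
# here; how other accepted LAN hosts are translated is not visible in this
# script — confirm.
$IPTABLES -t nat -I POSTROUTING -s 192.168.17.1 -d ! 192.168.17.0/24 -j SNAT --to 195.64.152.19
# Inbound port forwards to 192.168.17.1.
# NOTE(review): no FORWARD rule in this script restricts packets arriving on
# $SK_INT, so these DNAT targets are reachable from any source that the
# chain policy lets through.
$IPTABLES -t nat -A PREROUTING -p tcp -i $SK_INT --dport 43749:43755 -j DNAT --to 192.168.17.1
$IPTABLES -t nat -A PREROUTING -p udp -i $SK_INT --dport 56000 -j DNAT --to 192.168.17.1
$IPTABLES -t nat -A PREROUTING -p udp -i $SK_INT --dport 24500 -j DNAT --to 192.168.17.1
#$IPTABLES -t nat -A PREROUTING -p tcp -i $SK_INT --dport 36631 -j DNAT --to 192.168.17.20
#
#
#Redirect from ereality.tk to g1 apache server
$IPTABLES -t nat -A PREROUTING -p tcp -s 192.168.17.0/24 -d 193.33.61.2 --dport 80 -j DNAT --to-destination 192.168.17.254:80
#
########## DEFAULT VIA MEDIADAT ######################
# Swap the default route. If the add fails the gateway is left without a
# default route, so say so instead of continuing silently.
$IP route del default
if ! $IP route add default via 195.64.152.17; then
  echo "WARNING: could not add default route via 195.64.152.17" >&2
fi
$IP route flush cache
#######################################################
###### NAT
#######################################################
########
#DNS
########
# Install the dnscache server list and IPSEND setting, then restart
# dnscache. The restart is skipped when either copy fails, so dnscache is
# never restarted onto a half-updated configuration.
if cp /conf/doc/dns_sk /service/dnscache/root/servers/@ &&
  cp /conf/doc/IPSEND_sk /service/dnscache/env/IPSEND; then
  svc -t /service/dnscache
else
  echo "WARNING: dnscache config copy failed; dnscache not restarted" >&2
fi
echo "--Done making Snat"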