IPTables for Linux - IP leak protection

Discussion in 'Linux' started by Ghost, Nov 7, 2019.

  1. Ghost

    Ghost Junior Member

    I have adjusted the ports.

    No guarantee of correctness.
    If anyone finds an error, feel free to get in touch.
    The file will be adjusted accordingly.

    1) IPTables.sh

    Code:
    #!/bin/bash

    # iptables rules for the VPN:

    # Outgoing: on each physical interface, allow only the VPN server ports (UDP and TCP).
    sudo iptables -t filter -A OUTPUT -o wlp2s0 -p udp -m multiport --dports 1148,148,1149,149,1150,150,1151,151,53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t filter -A OUTPUT -o wlp2s0 -p tcp -m multiport --dports 300,301,1142,142,1152,152 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t filter -A OUTPUT -o enp3s0 -p udp -m multiport --dports 1148,148,1149,149,1150,150,1151,151,53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t filter -A OUTPUT -o enp3s0 -p tcp -m multiport --dports 300,301,1142,142,1152,152 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t filter -A OUTPUT -o eth1 -p udp -m multiport --dports 1148,148,1149,149,1150,150,1151,151,53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t filter -A OUTPUT -o eth1 -p tcp -m multiport --dports 300,301,1142,142,1152,152 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Incoming: allow only replies from those ports to connections this host already opened.
    sudo iptables -t filter -A INPUT -i wlp2s0 -p udp -m multiport --sports 1148,148,1149,149,1150,150,1151,151,53 -m state --state ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t filter -A INPUT -i wlp2s0 -p tcp -m multiport --sports 300,301,1142,142,1152,152 -m state --state ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t filter -A INPUT -i enp3s0 -p udp -m multiport --sports 1148,148,1149,149,1150,150,1151,151,53 -m state --state ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t filter -A INPUT -i enp3s0 -p tcp -m multiport --sports 300,301,1142,142,1152,152 -m state --state ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t filter -A INPUT -i eth1 -p udp -m multiport --sports 1148,148,1149,149,1150,150,1151,151,53 -m state --state ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t filter -A INPUT -i eth1 -p tcp -m multiport --sports 300,301,1142,142,1152,152 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Private (RFC 1918) networks remain reachable in both directions.
    sudo iptables -t filter -A OUTPUT --dst 192.168.0.0/16 -j ACCEPT
    sudo iptables -t filter -A INPUT --src 192.168.0.0/16 -j ACCEPT
    sudo iptables -t filter -A OUTPUT --dst 10.0.0.0/8 -j ACCEPT
    sudo iptables -t filter -A INPUT --src 10.0.0.0/8 -j ACCEPT
    sudo iptables -t filter -A OUTPUT --dst 172.16.0.0/12 -j ACCEPT
    sudo iptables -t filter -A INPUT --src 172.16.0.0/12 -j ACCEPT

    # Drop everything else on the physical interfaces.
    sudo iptables -t filter -A OUTPUT -o wlp2s0 -j DROP
    sudo iptables -t filter -A INPUT -i wlp2s0 -j DROP
    sudo iptables -t filter -A OUTPUT -o enp3s0 -j DROP
    sudo iptables -t filter -A INPUT -i enp3s0 -j DROP
    sudo iptables -t filter -A OUTPUT -o eth1 -j DROP
    sudo iptables -t filter -A INPUT -i eth1 -j DROP

    Save iptables permanently.

    2) Save iptables to /etc/iptables.up.rules

    Code:
    sudo nano /etc/network/if-pre-up.d/iptables
    (contents of the file iptables)

    Code:
    #!/bin/bash
    /sbin/iptables-restore < /etc/iptables.up.rules

    4) Make the file /etc/network/if-pre-up.d/iptables executable.

    Code:
    chmod +x /etc/network/if-pre-up.d/iptables



    WARNING:

    If your network adapter has a different name, you must adjust it in the script.
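As an added example (not code from the original post), the shell function below generates a VPN kill-switch ruleset in iptables-restore format, which is the format /etc/iptables.up.rules from step 2 needs and that the if-pre-up script loads. It only prints the rules, so it runs without root. It differs from the post's rules in three deliberate ways: a default DROP policy on every chain instead of trailing per-interface DROP rules, so interfaces that were never listed are covered too; explicit allows for loopback and for the tunnel interface (assumed here to be tun0, which the post does not name); and plain DNS (UDP 53) only towards resolver addresses you list rather than towards any host, because an unrestricted port 53 on the physical interface is the usual path by which DNS queries bypass a VPN. `-m conntrack --ctstate` is the current equivalent of the post's `-m state --state`. Interface names, port lists and the resolver address in the sample run are constructed values.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Generates a VPN kill-switch ruleset in iptables-restore format and prints it;
# nothing is applied to the running firewall, so this runs without root.
# Assumptions (not taken from the post): the tunnel interface is tun0 and
# only the resolver addresses passed in may be queried over plain DNS.

emit() { printf '%s\n' "$1"; }

# gen_killswitch_rules "PHYS_IFACES" VPN_IFACE "UDP_PORTS" "TCP_PORTS" "RESOLVERS"
#   PHYS_IFACES  space-separated physical interfaces, e.g. "wlp2s0 enp3s0"
#   VPN_IFACE    tunnel interface carrying the encrypted traffic, e.g. tun0
#   UDP_PORTS    comma-separated VPN server UDP ports (multiport syntax)
#   TCP_PORTS    comma-separated VPN server TCP ports (multiport syntax)
#   RESOLVERS    space-separated IPv4 resolvers allowed for plain DNS
gen_killswitch_rules() {
    phys_ifaces=$1; vpn_iface=$2; udp_ports=$3; tcp_ports=$4; resolvers=$5

    emit '*filter'
    # Default deny on every chain: whatever is not allowed below is dropped,
    # including traffic on interfaces that were never listed.
    emit ':INPUT DROP [0:0]'
    emit ':FORWARD DROP [0:0]'
    emit ':OUTPUT DROP [0:0]'
    # Loopback must keep working (local resolvers, IPC over sockets).
    emit '-A INPUT -i lo -j ACCEPT'
    emit '-A OUTPUT -o lo -j ACCEPT'
    # Replies to connections this host opened, on any interface.
    emit '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Everything may leave through the tunnel; when the tunnel is down this
    # rule matches nothing and the default policy drops the traffic.
    emit "-A OUTPUT -o $vpn_iface -j ACCEPT"

    for iface in $phys_ifaces; do          # unquoted on purpose: word-split
        # Only the VPN server ports may leave on the physical interface.
        emit "-A OUTPUT -o $iface -p udp -m multiport --dports $udp_ports -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
        emit "-A OUTPUT -o $iface -p tcp -m multiport --dports $tcp_ports -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
        # Plain DNS only towards the listed resolvers, so the VPN server name
        # can be resolved before the tunnel is up without opening port 53 to all.
        for r in $resolvers; do
            emit "-A OUTPUT -o $iface -p udp -d $r --dport 53 -j ACCEPT"
        done
        # Private networks stay reachable, as in the original post.
        for net in 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12; do
            emit "-A OUTPUT -o $iface -d $net -j ACCEPT"
            emit "-A INPUT -i $iface -s $net -j ACCEPT"
        done
    done
    emit 'COMMIT'
}

# count_rules_for_iface "RULESET" IFACE: how many rules name IFACE as the
# inbound or outbound interface; a quick sanity check before loading.
count_rules_for_iface() {
    printf '%s\n' "$1" | grep -c -- "-[io] $2 "
}

# Sample run with constructed values (the interface names and the first
# UDP/TCP port groups mirror the post); redirect the output to
# /etc/iptables.up.rules to use it with the if-pre-up script from step 2.
gen_killswitch_rules "wlp2s0 enp3s0 eth1" tun0 "1148,148,1149,149" "300,301" "10.0.0.1"
```

Write the output to a file and check it with `iptables-restore --test <file>` (the `--test` option parses without committing; available in newer iptables releases) before loading it with `sudo iptables-restore < /etc/iptables.up.rules`, which is what the if-pre-up script does on every interface start. Because iptables-restore replaces the whole filter table, reloading the file does not duplicate rules the way re-running a script of `-A` appends does. The rules cover IPv4 only: without matching ip6tables rules, or IPv6 disabled on the host, IPv6 traffic leaves the physical interface untouched by this kill switch.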
     