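#!/bin/bash
# A Linux shell script with common rules for the ip6tables (IPv6) firewall.
# As written it flushes every ip6tables table, accepts loopback traffic only,
# sets the INPUT, OUTPUT and FORWARD policies to DROP, and (when a blocklist
# file exists) logs and drops packets from the listed source addresses.
# NOTE(review): this header used to say that ports 80, 22 and 53 are opened
# and that all outgoing traffic is allowed. No rule in this file does either,
# so with these policies all non-loopback IPv6 traffic is dropped. Confirm
# that this is intended before relying on the script for IPv6 services.
# -------------------------------------------------------------------------
# Copyright (c) 2012 Naqsh Jahan Toos Inc. <http://jnaqsh.com/>
# This script is licensed under GNU GPL version 3.0 or above
# -------------------------------------------------------------------------

IPT6="/sbin/ip6tables"
SPAMLIST="blockedip"
# Passed verbatim to --log-prefix. It has no trailing space, so the kernel's
# log fields follow it directly; log parsers should match accordingly.
SPAMDROPMSG="BLOCKED IP DROP"
# Interface names; no rule below references them.
PUB_IF="eth0"
PRI_IF="eth1"
# Single location for the blocklist. The entries were previously read from
# this path while the "apply the blocklist" guard tested
# ~/scripts/iptables_firewall/blocked.ip6s.txt, so the two could disagree and
# the list could be silently skipped. Both steps now use this one path.
# NOTE(review): confirm this is the path used on the deployed host.
BLOCKLIST_FILE="/root/iptables_firewall/blocked.ip6s.txt"

if [[ ! -x "$IPT6" ]]; then
  printf 'error: %s not found or not executable\n' "$IPT6" >&2
  exit 1
fi

echo "Starting IPv6 Wall..."

# Flush rules, delete user-defined chains and zero counters in the default
# (filter) table.
"$IPT6" -F
"$IPT6" -X
"$IPT6" -Z

# Do the same for every table the kernel currently has registered. The proc
# file is absent when no ip6tables table is loaded, hence the guard.
if [[ -r /proc/net/ip6_tables_names ]]; then
  while read -r table; do
    [[ -n "$table" ]] || continue
    "$IPT6" -t "$table" -F
    "$IPT6" -t "$table" -X
    "$IPT6" -t "$table" -Z
  done </proc/net/ip6_tables_names
fi

# Start from an empty list so a BADIPS value inherited from the caller's
# environment can never end up in the rule set.
BADIPS=""
if [[ -f "$BLOCKLIST_FILE" ]]; then
  # Skip blank lines and lines that start with '#'.
  BADIPS=$(grep -Ev '^#|^$' -- "$BLOCKLIST_FILE")
fi

# Loopback traffic is unrestricted.
"$IPT6" -A INPUT -i lo -j ACCEPT
"$IPT6" -A OUTPUT -o lo -j ACCEPT

# Default-deny on all three built-in chains (incoming, outgoing, forwarded).
"$IPT6" -P INPUT DROP
"$IPT6" -P OUTPUT DROP
"$IPT6" -P FORWARD DROP

if [[ -f "$BLOCKLIST_FILE" ]]; then
  # Dedicated chain holding one LOG and one DROP rule per blocked source.
  "$IPT6" -N "$SPAMLIST"

  # Entries are split on whitespace on purpose, but must never be
  # glob-expanded against the current directory.
  set -f
  for ipblock in $BADIPS; do
    # The LOG rule is not rate-limited: every matching packet produces a
    # kernel log line. Consider a "-m limit" match if log volume matters.
    "$IPT6" -A "$SPAMLIST" -s "$ipblock" -j LOG --log-prefix "$SPAMDROPMSG"
    "$IPT6" -A "$SPAMLIST" -s "$ipblock" -j DROP
  done
  set +f

  # Inserted at the head of each chain, i.e. evaluated before the loopback
  # ACCEPT rules. The rules match on source address (-s) only, so in OUTPUT
  # they do not match packets sent *to* a listed address; those are caught by
  # the DROP policy instead.
  "$IPT6" -I INPUT -j "$SPAMLIST"
  "$IPT6" -I OUTPUT -j "$SPAMLIST"
  "$IPT6" -I FORWARD -j "$SPAMLIST"
fi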