![]() sbin/iptables-save > /etc/sysconfig/iptables $IPT -A OUTPUT -m state -state NEW,ESTABLISHED,RELATED -j ACCEPT $IPT -A FORWARD -i $IF_EXT -o $IF_OVPN -m state -state ESTABLISHED,RELATED -j ACCEPT $IPT -A FORWARD -i $IF_OVPN -o $IF_EXT -m state -state $IPT -A INPUT -i $IF_EXT -p udp -dport $OVPN_PORT -j ACCEPT ![]() $IPT -A INPUT -i $IF_EXT -p tcp -dport 22 -j ACCEPT $IPT -A INPUT -m state -state ESTABLISHED,RELATED -j ACCEPT ![]() $IPT -A INPUT -p tcp -tcp-flags ALL NONE -j DROP $IPT -A FORWARD -m state -state INVALID -j DROP ![]() $IPT -A INPUT -m state -state INVALID -j DROP $IPT -t nat -A POSTROUTING -o $IF_EXT -j MASQUERADE
0 Comments
Leave a Reply. |