clockwerk-tools – Rev 22

#!/bin/bash
###########################################################################
##  Copyright (C) Wizardry and Steamworks 2014 - License: GNU GPLv3      ##
##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
##  rights of fair usage, the disclaimer and warranty conditions.        ##
###########################################################################

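# Rebuild the IPv4 firewall from scratch and persist it to
# /etc/iptables/rules.v4. Every rule is applied even if an earlier one fails,
# but a ruleset that was only partially applied is never written to disk.

# Remember whether any command failed. The ERR trap fires for every failing
# simple command that is not part of a condition or an `||` fallback.
failed=0
trap 'failed=1; printf "firewall: command failed: %s\n" "$BASH_COMMAND" >&2' ERR

# Start from empty filter, nat and mangle tables (IPv4 only).
# The INPUT policy is left as it was until it is set below.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# SSH Guard
# The jump is the first INPUT rule, so it is evaluated before any ACCEPT below.
iptables -N sshguard
iptables -A INPUT -j sshguard
# The IPv6 tables are not flushed by this script, so the chain and the jump
# are created only when missing: the chain has to exist before it can be a
# jump target, and re-running must not stack duplicate jumps.
ip6tables -L sshguard -n >/dev/null 2>&1 || ip6tables -N sshguard
ip6tables -C INPUT -j sshguard 2>/dev/null || ip6tables -A INPUT -j sshguard
# NOTE(review): this is the only IPv6 rule set here. The IPv6 INPUT policy is
# not changed, so unless it is configured elsewhere, nothing below filters
# IPv6 traffic. Confirm whether the host has IPv6 connectivity.

# Drop by default
iptables -P INPUT DROP
# Always accept loopback
iptables -A INPUT -i lo -j ACCEPT
# Measure idle for suspend
# Placed before the ESTABLISHED accept so packets of open connections to
# ports 9000 and 80 reach this rule as well.
iptables -A INPUT -i eth0 -p tcp -m multiport --dport 9000,80 -j IDLETIMER --timeout 600 --label clockwerk
# Shaping traffic: mark traffic to and from port 9000 as low-delay
iptables -t mangle -A PREROUTING -p tcp --dport 9000 -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p udp --dport 9000 -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --sport 9000 -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p udp --sport 9000 -j TOS --set-tos Minimize-Delay
# Accept related
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# SSH
iptables -A INPUT -i eth0 -p tcp --dport 54377 -j ACCEPT
# OpenSim
iptables -A INPUT -i eth0 -p tcp --dport 9000 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 9000 -j ACCEPT
# Web
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
# Samba
# NOTE(review): SMB is accepted from any source address on eth0. If eth0 faces
# an untrusted network, restrict this rule with `-s <trusted-subnet>`.
iptables -A INPUT -i eth0 -p tcp --dport 445 -j ACCEPT

# Save
if ((failed)); then
  printf 'firewall: ruleset only partially applied, not saving\n' >&2
  exit 1
fi
# Dump to a temporary file in the same directory and rename it into place, so
# a failed dump never leaves a truncated rules.v4 behind.
# mktemp creates the file with mode 0600.
rules_file=/etc/iptables/rules.v4
tmp_file=$(mktemp "${rules_file}.XXXXXX") || exit 1
if iptables-save > "$tmp_file"; then
  mv -- "$tmp_file" "$rules_file"
else
  rm -f -- "$tmp_file"
  printf 'firewall: iptables-save failed, %s left unchanged\n' "$rules_file" >&2
  exit 1
fi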