
Better offline than sorry

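#!/usr/bin/env bash
# Firewall script for IPREDATOR
# by Joe "Pragmatk", Feb 2010
#
# Purpose: an IPv4 "kill switch" for the IPREDATOR (PPTP) tunnel.  Once the
# tunnel is up, every packet that is not (a) on the tunnel interface,
# (b) on loopback, (c) to/from a private or link-local subnet, or (d) to/from
# one of the IPREDATOR endpoint addresses is REJECTed, so a dropped tunnel
# cannot silently fall back to the plain ISP link.
#
# This script does not remove any rules; it only adds new ones
# (read: it can be used with your other firewall scripts without problems).
# I suggest you place this in /etc/ppp/ip-up.d/9999_ipredator
#
# Caveats a user of this script should be aware of:
#  * It is IPv4 only.  Nothing here touches ip6tables, so if the host has
#    IPv6 connectivity that traffic bypasses both the tunnel and this filter.
#    Disable IPv6 on the uplink or add matching ip6tables rules.
#  * The rules are installed by ip-up, i.e. only AFTER the tunnel is up.
#    Before that point (and after a reboot) nothing is filtered.
#  * The private-subnet exemptions also exempt a DNS resolver that lives on
#    the LAN (a home router), so DNS queries can still leave the tunnel.
#    Point /etc/resolv.conf at a resolver that is reached through the tunnel.
#  * ip-up.d scripts run for EVERY ppp link.  If the IPREDATOR tunnel is not
#    ppp0 (e.g. the ISP link is ppp0), set VPN_IFACE to the right interface,
#    otherwise the wrong link gets whitelisted.
#  * The endpoint list below is the one published in Feb 2010; verify it
#    against the provider's current servers before relying on it.

# Stop at the first failed iptables call instead of silently continuing
# with a half-built chain.  iptables needs root anyway.
set -eu

# Interface carrying the tunnel.  Overridable from the environment.
VPN_IFACE=${VPN_IFACE:-ppp0}

# Private and link-local ranges that may be reached directly (LAN traffic).
readonly LOCAL_NETS=(
  10.0.0.0/8
  172.16.0.0/12
  169.254.0.0/16
  192.168.0.0/16
)

# IPREDATOR endpoints.  These must stay reachable over the plain uplink,
# otherwise the tunnel itself can never be (re)established.
readonly IPREDATOR_SERVERS=(
  93.182.152.2
  93.182.153.2
  93.182.164.2
  93.182.179.2
  93.182.180.2
  93.182.181.2
  93.182.185.2
  93.182.186.2
  93.182.187.2
  93.182.188.2
  93.182.189.2
  93.182.190.2
  93.182.130.2
  93.182.132.2
  93.182.133.2
  93.182.146.2
  93.182.147.2
  93.182.148.2
  93.182.149.2
  93.182.150.2
  93.182.151.2
)

# If the chain already exists there is no reason to run this script again.
# NB: the earlier version wrote "2&>/dev/null", which bash parses as passing
# the argument "2" (a rule number) and then redirecting both streams; what
# is meant is "silence stderr", i.e. 2>/dev/null.
if iptables -S ipredator_in >/dev/null 2>&1; then
  exit 0
fi

# If installation fails halfway, tear the partial chains down again.
# Otherwise the guard above would see the (unhooked) chain on the next run,
# exit 0, and leave the host unprotected without anyone noticing.
cleanup() {
  local rc=$?
  if [ "$rc" -ne 0 ]; then
    printf '%s: installing IPREDATOR rules failed (status %d); removing partial chains\n' \
      "$0" "$rc" >&2
    iptables -D INPUT  -j ipredator_in  2>/dev/null || true
    iptables -D OUTPUT -j ipredator_out 2>/dev/null || true
    iptables -F ipredator_in  2>/dev/null || true
    iptables -F ipredator_out 2>/dev/null || true
    iptables -X ipredator_in  2>/dev/null || true
    iptables -X ipredator_out 2>/dev/null || true
  fi
}
trap cleanup EXIT

#######################################
# Build one filter chain.
# Arguments:
#   $1 - chain name (created here)
#   $2 - interface match option (--in-interface / --out-interface)
#   $3 - address match option (--source / --destination)
# Rule order, which is the same for both directions:
#   RETURN for the tunnel interface and loopback, RETURN for the local
#   subnets, RETURN for the IPREDATOR endpoints, then REJECT the rest with
#   an ICMP host-unreachable (not net-unreachable) error.
#######################################
build_chain() {
  local chain=$1 iface_opt=$2 addr_opt=$3
  local net srv

  iptables -N "$chain"

  # tunneled IPREDATOR traffic
  iptables -A "$chain" "$iface_opt" "$VPN_IFACE" -j RETURN

  # loopback
  iptables -A "$chain" "$iface_opt" lo -j RETURN

  # communication in local subnets
  for net in "${LOCAL_NETS[@]}"; do
    iptables -A "$chain" "$addr_opt" "$net" -j RETURN
  done

  # the IPREDATOR servers themselves
  for srv in "${IPREDATOR_SERVERS[@]}"; do
    iptables -A "$chain" "$addr_opt" "$srv" -j RETURN
  done

  # reject everything not matched above, answering with icmp-host-unreachable
  iptables -A "$chain" -j REJECT --reject-with icmp-host-unreachable
}

################  IN #######################
build_chain ipredator_in  --in-interface  --source

################ OUT #######################
build_chain ipredator_out --out-interface --destination

# Hook our chains into INPUT and OUTPUT last, so a failure while building
# them never leaves a partially populated chain active.
iptables -A INPUT  -j ipredator_in
iptables -A OUTPUT -j ipredator_out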