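#!/bin/sh
# Edge-router firewall for a 192.168.0.0/24 LAN: NAT the LAN out through this
# server, restrict POP3/IMAP and SSH on the server itself, and REJECT forwarded
# traffic to well-known P2P ports.
#
# Placeholders (fill in before use):
#   x.x.x.x     = the server's Internet-facing address (SNAT source)
#   192.168.0.1 = the server's LAN address
#   y.y.y.y     = an external address allowed to reach SSH
#   z.z.z.z     = the other external address allowed to reach SSH
#
# NOTE: this script never sets chain policies (-P). Anything not matched below
# falls through to whatever INPUT/FORWARD policy is already configured.

IPT=/usr/sbin/iptables
LAN=192.168.0.0/24

# Reject a forwarded destination port on both TCP and UDP.
# $1 - port number
block_fwd_port() {
  "$IPT" -I FORWARD -p tcp --dport "$1" -j REJECT
  "$IPT" -I FORWARD -p udp --dport "$1" -j REJECT
}

# Drop the previous rules. The nat table has to be flushed as well; plain -F
# only touches the filter table, so every re-run would append one more
# POSTROUTING SNAT rule.
"$IPT" -F
"$IPT" -t nat -F

# Let the server talk to itself.
"$IPT" -A INPUT -i lo -j ACCEPT

# Route LAN traffic through the server: SNAT to the public address and enable
# kernel forwarding.
"$IPT" -t nat -A POSTROUTING -s "$LAN" -j SNAT --to-source x.x.x.x
echo 1 > /proc/sys/net/ipv4/ip_forward

# Mail (POP3/IMAP) is reachable from the LAN only.
# "! -s" is the prepositioned negation; the old "-s !" form is deprecated and
# refused by current iptables. multiport takes --dports, not --dport.
"$IPT" -A INPUT ! -s "$LAN" -p tcp -m multiport --dports 110,143 -j REJECT

# SSH: the LAN and two external addresses get in, everyone else is rejected.
# z.z.z.z is admitted implicitly by being excluded from the REJECT rule.
"$IPT" -A INPUT -s "$LAN" -p tcp --dport 22 -j ACCEPT
"$IPT" -A INPUT -s y.y.y.y -p tcp --dport 22 -j ACCEPT
"$IPT" -A INPUT ! -s z.z.z.z -p tcp --dport 22 -j REJECT

# Block forwarded P2P traffic (DC++, Kazaa, etc.).

### DC++ ###
for port in 411 1411 1412 6969 7778 4111; do
  block_fwd_port "$port"
done

### Kazaa ###
for port in 4662 1214; do
  block_fwd_port "$port"
done

### HotLine ###
for port in 5500 5501; do
  block_fwd_port "$port"
done

### eDonkey ###
for port in 4661 4663; do
  block_fwd_port "$port"
done

### Gnutella ###
for port in 6346 6347 6348 6355 5555 7777 8311 27910; do
  block_fwd_port "$port"
done

### Napster ###
block_fwd_port 8889

### iMesh (blocked by destination network rather than port) ###
"$IPT" -A FORWARD -d 216.35.208.0/24 -j REJECT

### WinMX ###
# Kept as in the original: TCP 6257 and UDP 6699. NOTE(review): this looks
# swapped relative to WinMX's usual TCP 6699 / UDP 6257 -- confirm.
"$IPT" -I FORWARD -p tcp --dport 6257 -j REJECT
"$IPT" -I FORWARD -p udp --dport 6699 -j REJECT
for port in 412 413; do
  block_fwd_port "$port"
done

### AudioGalaxy ###
for port in 8875 8888; do
  block_fwd_port "$port"
done

### eMule (4662 is already covered under Kazaa above) ###
for port in 4672 4665 4711; do
  block_fwd_port "$port"
done

# Against stealth scans: packets with only RST set (of SYN/ACK/FIN/RST) are
# accepted at most 1/s. Packets beyond that limit are not dropped here; they
# fall through to the FORWARD chain's policy, which this script does not set.
"$IPT" -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT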