Bridge

Linux‎ > ‎Iptables‎ > ‎

iptables bridge (transparent firewall)

bridge.sh

#!/bin/sh
#
#/etc/init.d/bridge



RETVAL=0

start() {
       action $"Starting bridging firewall:" true

       brctl addbr br0
       brctl addif br0 eth0
       brctl addif br0 eth1
       brctl setfd br0 1
       ifconfig br0 up
       ifconfig eth0 up
       ifconfig eth1 up

       modprobe ip_conntrack
       modprobe ip_conntrack_ftp

       echo

}

stop() {
       action $"Stopping bridging firewall:" true

       ifconfig eth1 down
       ifconfig eth0 down
       ifconfig br0 down
       brctl delif br0 eth1
       brctl delif br0 eth0
       brctl delbr br0

       echo

}


restart() {
       stop
       start
}

reload() {
       restart
}


case "$1" in
start)
       start
       ;;
stop)
       stop
       ;;
reload|restart)
       restart
       ;;
condrestart)
       if [ -f /var/lock/subsys/bridge ]; then
           restart
       fi
       ;;
*)
       echo $"Usage: $0 {start|stop|restart|condrestart|status}"
       exit 1
esac

exit $?
exit $RETVAL

bridge_firewall.sh

# allows connection tracking support, needed
modprobe ip_conntrack
modprobe ip_conntrack_ftp

iptables -P FORWARD DROP

# enables connection tracking, needed
iptables -I FORWARD -m state --state INVALID -j DROP
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# allows all outbound traffic
iptables -A FORWARD -p ALL -s 192.168.1.0/24 -d 0/0 -j ACCEPT

# allow inbound services
iptables -A FORWARD -p TCP -s 0/0 -d 192.168.1.2 --dport 80 -j ACCEPT

Comments

	Search this site