
Bridge

iptables bridge (transparent firewall)

bridge.sh

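#!/bin/sh
#
# /etc/init.d/bridge
#
# Builds a two-port Ethernet bridge (br0 = eth0 + eth1) so this host can act
# as a transparent, bump-in-the-wire firewall, and tears it down again.
# The filter rules themselves live in bridge_firewall.sh; this script only
# assembles the bridge and loads the connection-tracking modules.
#
# Usage: bridge {start|stop|restart|reload|condrestart|status}

# Red Hat init helpers (provide `action`). A minimal shim keeps the script
# usable where the helper library is not installed.
if [ -f /etc/init.d/functions ]; then
  . /etc/init.d/functions
else
  action() { printf '%s\n' "$1"; shift; "$@"; }
fi

# condrestart only makes sense if a previous start succeeded; start() creates
# this lock and stop() removes it.
LOCKFILE=/var/lock/subsys/bridge
RETVAL=0

# Create br0, enslave eth0/eth1, load conntrack, bring everything up.
# Returns non-zero if the bridge could not be assembled.
start() {
  action $"Starting bridging firewall:" true
  # Load connection tracking before any frame is bridged, so the stateful
  # rules in bridge_firewall.sh have state to match on from the first packet.
  modprobe ip_conntrack
  modprobe ip_conntrack_ftp
  # NOTE(review): on kernels where bridge netfilter is a separate module,
  # br_netfilter must be loaded and net.bridge.bridge-nf-call-iptables=1,
  # otherwise bridged frames never reach the FORWARD chain — confirm on the
  # target kernel.
  brctl addbr br0 || return 1
  brctl addif br0 eth0 || return 1
  brctl addif br0 eth1 || return 1
  brctl setfd br0 1
  ifconfig eth0 up
  ifconfig eth1 up
  # Bring br0 up last: from this point frames are forwarded, so the FORWARD
  # policy from bridge_firewall.sh should already be DROP.
  ifconfig br0 up || return 1
  touch "$LOCKFILE"
  echo
}

# Take the ports and bridge down and remove br0.
stop() {
  action $"Stopping bridging firewall:" true
  ifconfig eth1 down
  ifconfig eth0 down
  ifconfig br0 down
  brctl delif br0 eth1
  brctl delif br0 eth0
  brctl delbr br0
  rm -f "$LOCKFILE"
  echo
}

# Full teardown and rebuild of the bridge.
restart() {
  stop
  start
}

# There is nothing to reload in place; reload is an alias for restart.
reload() {
  restart
}

# Show the bridge and its member ports (advertised in the usage line).
status() {
  brctl show br0
}

case "$1" in
  start)
    start
    RETVAL=$?
    ;;
  stop)
    stop
    RETVAL=$?
    ;;
  reload|restart)
    restart
    RETVAL=$?
    ;;
  condrestart)
    if [ -f "$LOCKFILE" ]; then
      restart
      RETVAL=$?
    fi
    ;;
  status)
    status
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
    exit 1
    ;;
esac
exit $RETVAL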

bridge_firewall.sh

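#!/bin/sh
#
# bridge_firewall.sh — filter rules for the transparent bridge assembled by
# /etc/init.d/bridge. Only the FORWARD chain (bridged traffic) is touched;
# the host's own INPUT and OUTPUT chains keep whatever policy they had.
#
# Addresses are parameterised so the script can be reused; the defaults are
# the values of the original rule set and may be overridden via environment.
set -eu

LAN_NET=${LAN_NET:-192.168.1.0/24}   # protected network: all outbound allowed
WEB_HOST=${WEB_HOST:-192.168.1.2}    # host reachable from outside on WEB_PORT
WEB_PORT=${WEB_PORT:-80}

# Fail closed: set the DROP policy first, so if any later step fails (e.g. a
# module is missing under set -e) the bridge forwards nothing at all.
iptables -P FORWARD DROP
# Flush FORWARD so re-running this script does not stack duplicate rules.
iptables -F FORWARD

# allows connection tracking support, needed
# NOTE(review): ip_conntrack / ip_conntrack_ftp are the legacy module names;
# newer kernels use nf_conntrack / nf_conntrack_ftp — confirm on the target.
modprobe ip_conntrack
modprobe ip_conntrack_ftp

# enables connection tracking, needed
# Each -I goes to the head of the chain, so after both inserts the order is:
# RELATED,ESTABLISHED accept first, then INVALID drop.
iptables -I FORWARD -m state --state INVALID -j DROP
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# allows all outbound traffic
# NOTE(review): matching on the IP source alone accepts a frame arriving on
# either bridge port that claims a LAN source address. If one port is known
# to be the LAN side, adding `-m physdev --physdev-in <lan-if>` to this rule
# closes that spoofing path — the interface roles are not stated here.
iptables -A FORWARD -p ALL -s "$LAN_NET" -d 0/0 -j ACCEPT

# allow inbound services
iptables -A FORWARD -p TCP -s 0/0 -d "$WEB_HOST" --dport "$WEB_PORT" -j ACCEPT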