So I had to place a small server in my home DMZ, leaving it open to the whole world with the risks that entails. Wondering how to allow access from my home LAN while keeping everyone else out, I came up with the following iptables script.
```bash
#!/bin/bash
IPTABLES=/sbin/iptables
INT=eth0   # public-facing interface

startiptables() {
    if [ "${UID}" -eq 0 ]; then
        # Anything coming from the home LAN is accepted (replace the class C with yours)
        ${IPTABLES} -A INPUT -i ${INT} -s 192.168.1.0/24 -j ACCEPT
        # Replies to connections the server itself opened are accepted
        ${IPTABLES} -A INPUT -i ${INT} -m state --state RELATED,ESTABLISHED -j ACCEPT
        # Everything else arriving on the public interface is rejected
        ${IPTABLES} -A INPUT -i ${INT} -j REJECT
    else
        echo "Your UID is: ${UID}. Execute as superuser please"
    fi
}

stopiptables() {
    if [ "${UID}" -eq 0 ]; then
        # Flush every rule; the chain policy (ACCEPT by default) is left untouched
        ${IPTABLES} -F
        ${IPTABLES} -L
    else
        echo "Your UID is: ${UID}. Execute as superuser please"
    fi
}

statusiptables() {
    if [ "${UID}" -eq 0 ]; then
        ${IPTABLES} -L
    else
        echo "Your UID is: ${UID}. Execute as superuser please"
    fi
}

case "$1" in
    start)  startiptables ;;
    stop)   stopiptables ;;
    status) statusiptables ;;
    *)      echo "usage: $0 start|stop|status" >&2
            exit 1
            ;;
esac
```
Pretty simple, as you can see. It allows all connections from inside the home LAN and rejects any new traffic arriving from the public Internet, while related and established connections are still accepted. Substitute the classic class C network in the script with your own home or work network.
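Two things worth checking after running the script, because it appends with `-A`: running `start` twice without a `stop` stacks duplicate rules, and a REJECT that ends up ahead of the ACCEPTs locks the LAN out as well. The function below is an added example (not part of the original post) that inspects an `iptables -S INPUT` dump and confirms the three rules are present once each with the REJECT last; the dumps used here are constructed samples, and the LAN CIDR and interface are passed as parameters.

```bash
#!/bin/bash
# Added example, not from the original post: verify an INPUT chain as dumped
# by `iptables -S INPUT` contains the script's three rules exactly once and in
# the right order, with the catch-all REJECT last. Returns 0 if OK, 1 if not.
# Real use: check_input_chain "$(iptables -S INPUT)" 192.168.1.0/24 eth0

check_input_chain() {
    local dump="$1" lan="$2" iface="$3"
    local rules total lan_n est_n rej_line
    # Keep only appended rules; drop the "-P INPUT ACCEPT" policy line.
    rules=$(printf '%s\n' "$dump" | grep -- '^-A INPUT ' || true)
    total=$(printf '%s\n' "$rules" | grep -c . || true)
    # Each ACCEPT must appear once: "start" run twice without "stop" appends
    # duplicates because the script uses -A.
    lan_n=$(printf '%s\n' "$rules" | grep -c -- "-s ${lan} .*-i ${iface} -j ACCEPT" || true)
    est_n=$(printf '%s\n' "$rules" | grep -c -- "--state RELATED,ESTABLISHED -j ACCEPT" || true)
    # The REJECT must be the last rule: anything appended after it never matches,
    # and a REJECT placed before the ACCEPTs locks the LAN out too.
    rej_line=$(printf '%s\n' "$rules" | grep -n -- "-i ${iface} -j REJECT" | head -n1 | cut -d: -f1)
    [ "$lan_n" -eq 1 ] || return 1
    [ "$est_n" -eq 1 ] || return 1
    [ -n "$rej_line" ] || return 1
    [ "$rej_line" -eq "$total" ] || return 1
    return 0
}

# Constructed sample: what `iptables -S INPUT` prints after one "start".
GOOD_DUMP='-P INPUT ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample: "start" run twice without a "stop" in between.
DUP_DUMP="${GOOD_DUMP}
-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable"

check_input_chain "$GOOD_DUMP" 192.168.1.0/24 eth0 && echo "single run: rules OK"
check_input_chain "$DUP_DUMP" 192.168.1.0/24 eth0 || echo "double run: duplicate rules found"
```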