{"id":1454,"date":"2018-01-02T15:08:40","date_gmt":"2018-01-02T20:08:40","guid":{"rendered":"http:\/\/www.xavignu.com\/?p=1454"},"modified":"2018-01-04T15:08:25","modified_gmt":"2018-01-04T20:08:25","slug":"script-to-place-in-dmz","status":"publish","type":"post","link":"https:\/\/www.xavignu.com\/?p=1454","title":{"rendered":"Script to place in DMZ"},"content":{"rendered":"

So I had to place a small server in my home DMZ<\/a> leaving it opened to the whole world with the corresponding risks this has. Wondering how to allow access from my home LAN<\/a> I came up with the following iptables<\/a> script.<\/p>\n

[bash]
\n#!\/bin\/bash<\/p>\n

IPTABLES=\/sbin\/iptables
\nINT=eth0<\/p>\n

startiptables() {
\n\tif [ ${UID} -eq 0 ]; then
\n\t\t${IPTABLES} -A INPUT -i ${INT} -s 192.168.1.0\/24 -j ACCEPT
\n\t\t${IPTABLES} -A INPUT -i ${INT} -m state –state RELATED,ESTABLISHED -j ACCEPT
\n\t\t${IPTABLES} -A INPUT -i ${INT} -j REJECT
\n\telse
\n echo “Your UID is: ${UID}. Execute as superuser please”
\n fi
\n}<\/p>\n

stopiptables() {
\n\tif [ ${UID} -eq 0 ]; then
\n\t\t${IPTABLES} -F
\n\t\t${IPTABLES} -L
\n\telse
\n echo “Your UID is: ${UID}. Execute as superuser please”
\n fi
\n}<\/p>\n

statusiptables() {
\n\tif [ ${UID} -eq 0 ]; then
\n\t\t${IPTABLES} -L
\n\telse
\n\t\techo “Your UID is: ${UID}. Execute as superuser please”
\n\tfi
\n}<\/p>\n

case “$1” in
\n\tstart)\tstartiptables ;;
\n\tstop)\tstopiptables ;;
\n\tstatus) statusiptables ;;
\n\t*) echo “usage: $0 start|stop|status” >&2
\n\t\texit 1
\n\t\t;;
\nesac
\n[\/bash]<\/p>\n

Pretty simple as you can see. It will allow all connections from inside home LAN and block all unrelated traffic coming from the public, except the related and established ones. Substitute the classic class C<\/a> on script for your corresponding home\/work network.<\/p>\n","protected":false},"excerpt":{"rendered":"

So I had to place a small server in my home DMZ leaving it opened to the whole world with the corresponding risks this has. Wondering how to allow access from my home LAN I came up with the following iptables script. [bash] #!\/bin\/bash IPTABLES=\/sbin\/iptables INT=eth0 startiptables() { if [ ${UID} -eq 0 ]; then […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[3],"tags":[56,4,6,70],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_shortlink":"https:\/\/wp.me\/pTQgt-ns","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.xavignu.com\/index.php?rest_route=\/wp\/v2\/posts\/1454"}],"collection":[{"href":"https:\/\/www.xavignu.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xavignu.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xavignu.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xavignu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1454"}],"version-history":[{"count":3,"href":"https:\/\/www.xavignu.com\/index.php?rest_route=\/wp\/v2\/posts\/1454\/revisions"}],"predecessor-version":[{"id":1461,"href":"https:\/\/www.xavignu.com\/index.php?rest_route=\/wp\/v2\/posts\/1454\/revisions\/1461"}],"wp:attachment":[{"href":"https:\/\/www.xavignu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1454"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xavignu.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1454"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xavignu.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}