From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ashen@nsrz.ru>
X-Virus-Scanned: amavisd-new at nsrz.ru
From: =?koi8-r?b?+8XOw8XXIOHMxcvTxcog98zBxMnNydLP18ne?= <ashen@nsrz.ru>
Organization: =?koi8-r?b?7+Hv?= "=?koi8-r?b?7vPy+g==?="
To: sysadmins@lists.altlinux.org
Date: Wed, 5 Jul 2006 16:18:11 +0400
User-Agent: KMail/1.9.3
X-Face: 'QRI*AI~am"KKk`p4bg0l4ch1,
	=?koi8-r?q?=5BP=7EF=5Ew-u!q=5Bv=2EWl=24=7Bjo=7D68Zshm=25-QSKu=7C5=7D8pnQwrD?=
	=?koi8-r?q?=27J=0A=09=5Ex0BM=3FY=7CT?=)32~xr1='^e[i}1&j<gQARvYvYS\QcRMSLo$Z.a!F7A3-_'>f_o/X</4*TsM)
	=?koi8-r?q?=0A=09YWZ?=<#m*z+A2J,hyO6B3p/_4x3Fb;
	$Rqk5C9~GB1QB],4T^y?',.N[Dt||@Bi'k(
	=?koi8-r?q?YQyH=60Fl=0A=094x-ggbUT3=7BvcnhDG0BUbdl=5B=5C=7E+s=7B=5Fks=23?=
	=?koi8-r?q?rvo7?=(BIG<iS%z2C;
MIME-Version: 1.0
Content-Type: Multipart/Mixed;
  boundary="Boundary-00=_D46qEbySH6ZmUgv"
Message-Id: <200607051618.11916.ashen@nsrz.ru>
Subject: [Sysadmins] =?koi8-r?b?98nExc/Lz87GxdLFzsPJ0SDJIGlwdGFibGVz?=
X-BeenThere: sysadmins@lists.altlinux.org
X-Mailman-Version: 2.1.7
Precedence: list
Reply-To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
List-Id: ALT Linux sysadmin discuss <sysadmins.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sysadmins>
List-Post: <mailto:sysadmins@lists.altlinux.org>
List-Help: <mailto:sysadmins-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jul 2006 12:20:09 -0000
Archived-At: <http://lore.altlinux.org/sysadmins/200607051618.11916.ashen@nsrz.ru/>
List-Archive: <http://lore.altlinux.org/sysadmins/>

--Boundary-00=_D46qEbySH6ZmUgv
Content-Type: text/plain;
  charset="koi8-r"
Content-Transfer-Encoding: base64
Content-Disposition: inline

68/N1SDc1M8gyc7UxdLF087PLgr6wcTB3sEg1yDTzMXE1cDdxc06IMnNxcXU09Eg18nExc/Gz84g
0yBpcC3BxNLF08/NIMnaIMTJwdDB2s/OwSAxOTIuMTY4LjIueC54LArJzsXULcHE0sXTICDbzMDa
wSDXIMnO1MXSzsXULCDOxc/CyM/Eyc3PIM/T1d3F09TXydTYINPX0drYINMgwcLPzsXO1MHNIMnX
CsnO1MXSzsXUxSwgyc3FwN3JzckgwsXM2cogaXAtwcTSxdMsINDSySDc1M/NIMHCz87FztTZIMTP
zNbO2SDJzcXU2ArXz9rNz9bOz9PU2CDX2drZ18HU2CDXycTFz8bPziwg0yDBxNLF08/NIDE5Mi4x
NjgueC54LiDwz8zV3sXOzs/FINLF28XOycUg188K18zP1sXOyckuIPfZ2s/XINfJxMXPxs/OwSDT
IGlwLcHE0sXTz80gydogxMnB0MHaz87BIDE5Mi4xNjguMi54Lngg0NLPydPIz8TJ1ArQzyBpcC3B
xNLF09Ugyc7UxdLOxdQt28zA2sEuCi0tCvMg1dfB1sXOycXNIPvFzsPF1yDhzMXL08XKIPfMwcTJ
zcnSz9fJ3i4KRS1tYWlsOiBhc2hlbkBuc3J6LnJ1CklDUTogMjcxMDUzODQ1Cg==

--Boundary-00=_D46qEbySH6ZmUgv
Content-Type: application/x-shellscript;
  name="myiptables2"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="myiptables2"

#!/bin/sh
#  =C4=CC=D1 =D5=C4=CF=C2=D3=D4=D7=C1, =C9=C2=CF =C9=CE=D4=C5=D2=C6=C5=CA=
=D3=CF=D7 =CE=C5=D3=CB=CF=CC=D8=CB=CF
INET_IFACE=3D""
LAN_IFACE=3D""
INET_IP=3D""
LAN_IP=3D""
LAN=3D""
LAN_MASK=3D"24"
BANK_IP=3D""
BANK_USER_IP1=3D""
BANK_USER_IP2=3D""
BANK_USER_IP3=3D""
ADMIN_IP1=3D""
ADMIN_IP2=3D""
=46REE_USER_IP1=3D""
=46REE_USER_IP2=3D""
=46REE_USER_IP3=3D""
=46REE_USER_IP4=3D""
CLAMWIN_UPDATE_IP1=3D""
CLAMWIN_DB_IP=3D""
# IP-=C1=C4=D2=C5=D3 =D7=C9=C4=C5=CF=C6=CF=CE=C1 =D7 =EC=F7=F3=20
VP_IP=3D""
# =E9=D3=D0=CF=CC=D8=DA=D5=C5=CD=D9=C5 =D0=CF=D2=D4=D9 =C4=CC=D1 =D7 =D2=C1=
=C2=CF=D4=C5 =D7=C9=C4=C5=CF=C6=CF=CE=C1
VP_PORTS=3D"389,522,1300,1718:1720,1503,11720,1731,15329:15332,32700:32799"
# IP-=C1=C4=D2=C5=D3=C1 =C1=C2=CF=CE=C5=CE=D4=CF=D7 =D7=C9=C4=C5=CF=C6=CF=
=CE=C1 =D7 =C9=CE=C5=D4=C5
VP_ABONENT1=3D""
VP_ABONENT2=3D""
VP_ABONENT3=3D""
VP_ABONENT4=3D""
VP_ABONENT5=3D""
VP_ABONENT6=3D""
VP_ABONENT7=3D""
VP_ABONENT8=3D""
VP_ABONENT9=3D""
VP_ABONENT10=3D""
VP_ABONENT11=3D""
VP_ABONENT12=3D""
# =D4=CF=D6=C5 =C4=CC=D1 =D5=C4=CF=C2=D3=D4=D7=C1
IPTABLES=3D"/sbin/iptables"
# =D7=CB=CC=C0=DE=C1=C5=CD =D0=C5=D2=C5=D3=D9=CC=CB=D5 =D0=C1=CB=C5=D4=CF=D7
#echo 1 > /proc/sys/net/ipv4/ip_forward
# =EF=D3=D4=C1=CE=C1=D7=CC=C9=D7=C1=C5=CD iptables
service iptables stop
# =D3=D4=C1=CE=C4=C1=D2=D4=CE=D9=C5 =C4=C5=CA=D3=D4=D7=C9=D1
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
# =D5=C4=C1=CC=D1=C5=CD =D7=D3=C5 =C9=CD=C5=C0=DD=C9=C5=D3=D1 =D0=D2=C1=D7=
=C9=CC=C1
$IPTABLES -F
$IPTABLES -X
# =D3=CF=DA=C4=C1=C5=CD =D3=D7=CF=C9 =C3=C5=D0=CF=DE=CB=C9
# =CF=D4=C2=D2=C1=D3=D9=D7=C1=C5=CD tcp =D3 =CE=C5=D0=D2=C1=D7=C9=CC=D8=CE=
=D9=CD=C9 =C6=CC=C1=C7=C1=CD=C9
$IPTABLES -N bad_tcp_packets
# tcp, =D0=D2=CF=DB=C5=C4=DB=C9=C5 =CF=D3=CE=CF=D7=CE=D5=C0 =D0=D2=CF=D7=C5=
=D2=CB=D5
$IPTABLES -N allowed
# =D7=D3=C5 =D0=C1=CB=C5=D4=D9 =D3=CF=CF=D4=D7. =D0=D2=CF=D4=CF=CB=CF=CC=CF=
=D7
$IPTABLES -N tcp_packets
$IPTABLES -N udp_packets
$IPTABLES -N icmp_packets
# =C2=C5=DA=D5=D3=CC=CF=D7=CE=CF =D2=C1=DA=D2=C5=DB=C1=C5=CD =D3=CF=C5=C4=
=C9=CE=C5=CE=C9=D1 =D0=CF =CC=CF=CB=C1=CC=D8=CE=CF=CD=D5 =C9=CE=D4=C5=D2=C6=
=C5=CA=D3=D5 (loopback, 127.0.0.1)
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
# =C2=C5=DA=D5=D3=CC=CF=D7=CE=CF =D2=C1=DA=D2=C5=DB=C1=C5=CD =D3=CF=C5=C4=
=C9=CE=C5=CE=C9=D1 =D0=CF =C9=CE=D4=C5=D2=C6=C5=CA=D3=D5 =EC=F7=F3 (et0)
$IPTABLES -A INPUT -i $LAN_IFACE -j ACCEPT
$IPTABLES -A OUTPUT -o $LAN_IFACE -j ACCEPT
# =D3=C0=C4=C1 =D0=CF=CA=C4=D5=D4 =D7=D3=C5 tcp-=D0=C1=CB=C5=D4=D9, =C9 =C2=
=D5=C4=D5=D4 =CF=D4=C2=D2=CF=DB=C5=CE=D9 =C9=CD=C5=C0=DD=C9=C5 =D3=D4=C1=D4=
=D5=D3 NEW, =CE=CF =CE=C5 =C9=CD=C5=C0=DD=C9=C5 =C6=CC=C1=C7=CF=D7 SYN,ACK
# =D0=D2=C5=C4=CF=C8=D2=C1=CE=D1=C5=D4 =CF=D4 =CF=D0=D2=C5=C4=C5=CC=C5=CE=
=CE=D9=C8 =D4=C9=D0=CF=D7 =C1=D4=C1=CB, =D0=CF=C4=D2=CF=C2=CE=CF=D3=D4=C9 =
=D7 =D0=D2=C9=CC=CF=D6=C5=CE=C9=C9 B4 =CB Iptables Tutorial
$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --=
state NEW -j DROP
# =D0=D2=C9=CE=C9=CD=C1=C5=CD =D7=D3=C5 =D0=C1=CB=C5=D4=D9, =CF=D4=CE=CF=D3=
=D1=DD=C9=C5=D3=D1 =CB =D5=D6=C5 =D5=D3=D4=C1=CE=CF=D7=CC=C5=CE=CE=D9=CD =
=D3=CF=C5=C4=C9=CE=C5=CE=C9=D1=CD
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
# =C1 =D7=D3=C5 =CF=D3=D4=C1=CC=D8=CE=D9=C5 =C9=DA =DC=D4=CF=CA =C3=C5=D0=
=CF=DE=CB=C9 =D3=C2=D2=C1=D3=D9=D7=C1=C5=CD
$IPTABLES -A allowed -j DROP
# =DA=C4=C5=D3=D8 =CF=D4=CB=D2=D9=D7=C1=C5=CD  =CE=C5=CB=CF=D4=CF=D2=D9=C5 =
=D0=CF=D2=D4=D9, =D4.=CB. =D0=CF =D5=CD=CF=CC=DE=C1=CE=C9=C0 =CD=D9 =DA=C1=
=CB=D2=D9=CC=C9 =D7=D3=A3
# =F3=EC=D5=DB=C1=C5=CD DNS
$IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 53 -j ACCEPT           # Dom=
ain Name Server
$IPTABLES -A udp_packets -p UDP -s 0/0 --sport 53 -j ACCEPT           # Dom=
ain Name Server
# =F0=D2=C9=CE=C9=CD=C1=C5=CD
#$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --dport 20 -j ACCEPT  # Fi=
le Transfer [Default Data]
#$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 20 -j ACCEPT  # Fi=
le Transfer [Default Data]
#$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --dport 21 -j ACCEPT  # Fi=
le Transfer [Control]
#$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 21 -j ACCEPT  # Fi=
le Transfer [Control]
$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --dport 25 -j ACCEPT   # Si=
mple Mail Transfer Protocol
$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 25 -j ACCEPT   # Si=
mple Mail Transfer Protocol
$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --dport 110 -j ACCEPT  # Po=
st Office Protocol - Version 3
$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 110 -j ACCEPT  # Po=
st Office Protocol - Version 3
#$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --dport 995 -j ACCEPT # po=
p3 protocol over TLS/SSL
#$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 995 -j ACCEPT # po=
p3 protocol over TLS/SSL
#$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --dport 143 -j ACCEPT # IM=
AP2
#$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 143 -j ACCEPT # IM=
AP2
#$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m udp --dport 220 -j ACCEPT # IM=
AP3
#$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 220 -j ACCEPT # IM=
AP3
#$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --dport 993 -j ACCEPT # IM=
AP4
#$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 993 -j ACCEPT # IM=
AP4
$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --dport 80 -j ACCEPT   # Wo=
rld Wide Web HTTP
$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 80 -j ACCEPT   # Wo=
rld Wide Web HTTP
#$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --dport 443 -j ACCEPT # ht=
tp protocol over TLS/SS
#$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 443 -j ACCEPT # ht=
tp protocol over TLS/SS
$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --dport 5222 -j ACCEPT # Ja=
bber Client Connection
$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 5222 -j ACCEPT # Ja=
bber Client Connection
$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --dport 5269 -j ACCEPT # Ja=
bber Server Connection
$IPTABLES -A INPUT -i $INET_IFACE -p udp -m udp --dport 5269 -j ACCEPT # Ja=
bber Server Connection
$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m multiport --dport $VP_PORTS -j =
ACCEPT   # VideoPhone
$IPTABLES -A INPUT -i $INET_IFACE -p udp -m multiport --dport $VP_PORTS -j =
ACCEPT   # VideoPhone
# =F0=D2=C9=CE=C9=CD=C1=C5=CD =D5=D3=D4=C1=CE=CF=D7=CC=C5=CE=CE=C7=D9=C5 =
=D3=CF=C5=C4=C5=CE=C5=CE=C9=D1
$IPTABLES -A INPUT -i $INET_IFACE -m state --state RELATED,ESTABLISHED -j A=
CCEPT
# =F0=D2=C9=CE=C9=CD=C1=C5=CD =C6=CF=D2=D7=C1=D2=C4=C9=CE=C7 =C4=CC=D1 =D5=
=D3=D4=C1=CE=CF=D7=CC=C5=CE=CE=D9=C8 =D3=CF=C5=C4=C9=CE=C5=CE=C9=CA
$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
#=EE=D5 =C1 =D4=C5=D0=C5=D2=D8 =DA=C1=CA=CD=A3=CD=D3=D1 =CF=D2=C7=C1=CE=C9=
=DA=C1=C3=C9=C5=CA =D7=D9=C8=CF=C4=C1 =D7 =C9=CE=C5=D4 =CF=D0=D2=C5=C4=C5=
=CC=A3=CE=CE=D9=C8 =CB=C1=D4=C5=C7=CF=D2=C9=CA =C0=DA=C5=D2=CF=D7
#=E1=C4=CD=C9=CE=D5 =CD=CF=D6=CE=CF =D7=D3=A3 ... :)
$IPTABLES -t nat -A POSTROUTING -s $ADMIN_IP1 -d ! $LAN/$LAN_MASK -o $INET_=
IFACE -j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $ADMIN_IP1 -d ! $LAN/$LAN_MASK -j ACCEPT
#$IPTABLES -t nat  -A POSTROUTING -s $ADMIN_IP2 -d ! $LAN/$LAN_MASK -o $INE=
T_IFACE -j SNAT --to-source $INET_IP
#$IPTABLES -A FORWARD -s $ADMIN_IP2 -d ! $LAN/$LAN_MASK -j ACCEPT
# =F0=D2=C9=CE=C9=CD=C1=C5=CD =D5=D3=D4=C1=CE=CF=D7=CC=C5=CE=CE=CF=C5 =D3=
=CF=C5=C4=C5=CE=C5=CE=C9=D1 =CE=C1 $INET_IFACE
$IPTABLES -A INPUT -i $INET_IFACE -m state --state RELATED,ESTABLISHED -j A=
CCEPT
#=E1 =DC=D4=CF =D7=D9=C8=CF=C4 ClamAV =D3 1C_Srv =C4=CC=D1 =CF=C2=CE=CF=D7=
=CC=C5=CE=C9=D1 =C2=C1=DA
$IPTABLES -t nat -A POSTROUTING -s $CLAMWIN_UPDATE_IP1 -d $CLAMWIN_DB_IP -o=
 $INET_IFACE -j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $CLAMWIN_UPDATE_IP1 -d $CLAMWIN_DB_IP -j ACCEPT
#=E6=CF=D2=D7=C1=D2=C4=C9=CE=C7 =C4=CC=D1 =C2=CC=C1=D4=CE=D9=C8, =CB=CF=C7=
=C4=C1 =C1=C4=CD=C9=CE =C4=CF=C2=D2=D9=CA
#$IPTABLES -t nat  -A POSTROUTING -s $FREE_USER_IP1 -d ! $LAN/$LAN_MASK -o =
$INET_IFACE -j SNAT --to-source $INET_IP
#$IPTABLES -A FORWARD -s $FREE_USER_IP1 -d ! $LAN/$LAN_MASK -j ACCEPT
#$IPTABLES -t nat  -A POSTROUTING -s $FREE_USER_IP2 -d ! $LAN/$LAN_MASK -o =
$INET_IFACE -j SNAT --to-source $INET_IP
#$IPTABLES -A FORWARD -s $FREE_USER_IP2 -d ! $LAN/$LAN_MASK -j ACCEPT
#$IPTABLES -t nat  -A POSTROUTING -s $FREE_USER_IP3 -d ! $LAN/$LAN_MASK -o =
$INET_IFACE -j SNAT --to-source $INET_IP
#$IPTABLES -A FORWARD -s $FREE_USER_IP3 -d ! $LAN/$LAN_MASK -j ACCEPT
#$IPTABLES -t nat  -A POSTROUTING -s $FREE_USER_IP4 -d ! $LAN/$LAN_MASK -o =
$INET_IFACE -j SNAT --to-source $INET_IP
#$IPTABLES -A FORWARD -s $FREE_USER_IP4 -d ! $LAN/$LAN_MASK -j ACCEPT
# NAT =C4=CC=D1 =D0=D2=CF=C7=D2=C1=CD=CD =D4=C9=D0=C1 =C2=C1=CE=CB-=CB=CC=
=C9=C5=CE=D4, =CE=C5 =D6=C5=CC=C1=C0=DD=C9=C8 =D2=C1=C2=CF=D4=C1=D4=D8 =DE=
=C5=D2=C5=DA =D0=D2=CF=CB=D3=C9-=D3=C5=D2=D7=C5=D2.
# =E4=CC=D1 =DC=D4=C9=C8 =D0=D2=CF=DB=D2=C1=CD=CD =CE=D5=D6=CE=CF =D5 =CB=
=CC=C9=C5=CE=D4=C1 =CF=D4=CB=CC=C0=DE=C9=D4=D8 =D0=D2=CF=CB=D3=C9-=D3=C5=D2=
=D7=C5=D2 =C4=CC=D1 ftp.
$IPTABLES -t nat  -A POSTROUTING -s $BANK_USER_IP1 -d $BANK_IP -o $INET_IFA=
CE -j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $BANK_USER_IP1 -d $BANK_IP -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $BANK_USER_IP2 -d $BANK_IP -o $INET_IFA=
CE -j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $BANK_USER_IP2 -d $BANK_IP -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $BANK_USER_IP3 -d $BANK_IP -o $INET_IFA=
CE -j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $BANK_USER_IP3 -d $BANK_IP -j ACCEPT
# =F7=D9=C8=CF=C4 =D7 =C9=CE=C5=D4 =C4=CC=D1 ip-=D7=C9=C4=C5=CF=C6=CF=CE=C1
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT1 -o $INET_IFACE -=
j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT1 -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT2 -o $INET_IFACE -=
j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT2 -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT3 -o $INET_IFACE -=
j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT3 -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT4 -o $INET_IFACE -=
j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT4 -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT5 -o $INET_IFACE -=
j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT5 -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT6 -o $INET_IFACE -=
j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT6 -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT7 -o $INET_IFACE -=
j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT7 -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT8 -o $INET_IFACE -=
j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT8 -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT9 -o $INET_IFACE -=
j SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT9 -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT10 -o $INET_IFACE =
=2Dj SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT10 -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT11 -o $INET_IFACE =
=2Dj SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT11 -j ACCEPT
$IPTABLES -t nat  -A POSTROUTING -s $VP_IP -d $VP_ABONENT12 -o $INET_IFACE =
=2Dj SNAT --to-source $INET_IP
$IPTABLES -A FORWARD -s $VP_IP -d $VP_ABONENT12 -j ACCEPT
# =F7=C8=CF=C4 =CB =CE=C1=CD
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT1 -i $INET_IFACE -p tcp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT1 -i $INET_IFACE -p udp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT1 -i $INET_IFACE -p tcp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT1 -i $INET_IFACE -p udp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT2 -i $INET_IFACE -p tcp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT2 -i $INET_IFACE -p udp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT2 -i $INET_IFACE -p tcp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT2 -i $INET_IFACE -p udp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT3 -i $INET_IFACE -p tcp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT3 -i $INET_IFACE -p udp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT3 -i $INET_IFACE -p tcp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT3 -i $INET_IFACE -p udp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT4 -i $INET_IFACE -p tcp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT4 -i $INET_IFACE -p udp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT4 -i $INET_IFACE -p tcp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT4 -i $INET_IFACE -p udp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT5 -i $INET_IFACE -p tcp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT5 -i $INET_IFACE -p udp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT5 -i $INET_IFACE -p tcp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT5 -i $INET_IFACE -p udp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT6 -i $INET_IFACE -p tcp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT6 -i $INET_IFACE -p udp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT6 -i $INET_IFACE -p tcp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT6 -i $INET_IFACE -p udp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT7 -i $INET_IFACE -p tcp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT7 -i $INET_IFACE -p udp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT7 -i $INET_IFACE -p tcp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT7 -i $INET_IFACE -p udp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT8 -i $INET_IFACE -p tcp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT8 -i $INET_IFACE -p udp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT8 -i $INET_IFACE -p tcp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT8 -i $INET_IFACE -p udp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT9 -i $INET_IFACE -p tcp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT9 -i $INET_IFACE -p udp -m mul=
tiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT9 -i $INET_IFACE -p tcp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT9 -i $INET_IFACE -p udp -m multiport --d=
port $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT10 -i $INET_IFACE -p tcp -m mu=
ltiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT10 -i $INET_IFACE -p udp -m mu=
ltiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT10 -i $INET_IFACE -p tcp -m multiport --=
dport $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT10 -i $INET_IFACE -p udp -m multiport --=
dport $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT11 -i $INET_IFACE -p tcp -m mu=
ltiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT11 -i $INET_IFACE -p udp -m mu=
ltiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT11 -i $INET_IFACE -p tcp -m multiport --=
dport $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT11 -i $INET_IFACE -p udp -m multiport --=
dport $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT12 -i $INET_IFACE -p tcp -m mu=
ltiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -t nat -A PREROUTING -s $VP_ABONENT12 -i $INET_IFACE -p udp -m mu=
ltiport --dport $VP_PORTS -j DNAT --to-destination $VP_IP
$IPTABLES -A FORWARD -s $VP_ABONENT12 -i $INET_IFACE -p tcp -m multiport --=
dport $VP_PORTS -d $VP_IP -j ACCEPT
$IPTABLES -A FORWARD -s $VP_ABONENT12 -i $INET_IFACE -p udp -m multiport --=
dport $VP_PORTS -d $V=C4=D1=DD=C9=C8 =D3=CF=C5=C4=C5=CE=C5=CE=C9=CA =CE=C1 =
$INET_IFACE
$IPTABLES -A INPUT -i $INET_IFACE -p tcp -m tcp --tcp-flags FIN,SYN,ACK SYN=
 -j LOG --log-level 7 --log-tcp-option
# =F0=C9=DB=C5=CD =CC=CF=C7 =C4=CC=D1 =C9=D3=C8=CF=C4=D1=DD=C9=C8 =D3=CF=C5=
=C4=C5=CE=C5=CE=C9=CA =CE=C1 $INET_IFACE
$IPTABLES -A OUTPUT -o $INET_IFACE -p tcp -m tcp --tcp-flags FIN,SYN,ACK SY=
N -j LOG --log-level 7 --log-tcp-option
# =CE=C1=D3=D4=C1=CC =DE=C5=D2=C5=C4 ICMP ...
# =C9=DA-=DA=C1 =D3=C9=D3=D4=C5=CD=D9 =D7=C9=C4=C5=CF=CB=CF=CE=C6=C9=D2=C5=
=CE=C3=C9=C9, =C9=D3=D0=CF=CC=D8=DA=D5=C0=DD=D5=C0 icmp, =D0=D2=C9=C4=A3=D4=
=D3=D1 =C5=C7=CF =D2=C1=DA=D2=C5=DB=C9=D4=D8,
# =CE=CF =CF=C7=D2=C1=CE=C9=DE=C5=CD 5-=C0 =D0=C1=CB=C5=D4=C1=CD=C9 =D7 =D3=
=C5=CB=D5=CE=C4=D5 =C9 =CD=C1=CB=D3=C9=CD=C1=CC=D8=CE=D9=CD =D2=C1=DA=CD=C5=
=D2=CF=CD =D7 110 =C2=C1=CA=D4
$IPTABLES -A INPUT -p icmp -i $INET_IFACE -m limit -m length --limit 5/seco=
nd --limit-burst 10 --length :110 -j ACCEPT
# =D0=CF =D0=CF=D7=CF=C4=D5 =CF=D4=D0=D2=C1=D7=CB=C9 =C2=D5=C4=C5=D4 =CD=C5=
=CE=C5=C5 =D6=C1=C4=CE=D9 - 10 =D0=C1=CB=C5=D4=CF=D7 =D7 =D3=C5=CB=D5=CE=C4=
=D5
$IPTABLES -A OUTPUT -p icmp -o $INET_IFACE -m limit -m length --limit 10/se=
cond --limit-burst 20 --length :110 -j ACCEPT
# =D2=C1=DA=D7=CF=C4=C9=CD =D0=C1=CB=C5=D4=D9 =D0=CF =D3=CF=CF=D4=D7. =C3=
=C5=D0=CF=DE=CB=C1=CD
# tcp =D5=C8=CF=C4=C9=D4 =CE=C1 =C4=CF=D0. =D0=D2=CF=D7=C5=D2=CB=D5
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets
# =D7=D3=C5 =D0=C1=CB=C5=D4=D9, =CF=D4=CE=CF=D3=D1=DD=C9=C5=D3=D1 =CB =D5=
=D6=C5 =D5=D3=D4=C1=CE=CF=D7=CC=C5=CE=CE=D9=CD =D3=CF=C5=C4=C9=CE=C5=CE=C9=
=D1=CD (=C4=CC=D1 tcp
# =C9=DA-=DA=C1 =CF=D4=C4=C5=CC=D8=CE=CF=CA =C3=C5=D0=CF=DE=CB=C9 =D0=D2=C9=
=DB=CC=CF=D3=D8 =DC=D4=CF =D0=D2=C1=D7=C9=CC=CF =C5=DD=C5 =D2=C1=DA =D5=CB=
=C1=DA=C1=D4=D8 =D7=D9=DB=C5)
$IPTABLES -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELAT=
ED -j ACCEPT
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
$IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udp_packets
$IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
# =F3=CF=C8=D2=C1=CE=D1=C5=CD =CE=C1=C2=CF=D2 =D0=D2=C1=D7=C9=CC =D7 /etc/s=
ysconfig/iptables
service iptables save
# EOF

--Boundary-00=_D46qEbySH6ZmUgv--