Saturday, August 17, 2013

VERY basic iptables rules in a shell script.

I'm just putting this here for future reference.
#!/bin/sh

DEVICE=eth0

# Flush current rules and delete user-defined chains, so the script can be
# re-run (iptables -N LOGGING below fails if the chain already exists).
iptables -F
iptables -X

# Set default policy to DROP for input, forward, and output.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Allow all incoming SSH connections.
iptables -A INPUT -i $DEVICE -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $DEVICE -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# Allow all incoming traffic for port 80 (HTTP)
iptables -A INPUT -i $DEVICE -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $DEVICE -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# Allow all incoming traffic for port 443 (HTTPS)
iptables -A INPUT -i $DEVICE -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $DEVICE -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

# Allow all outgoing traffic over FTP, HTTP, HTTPS, MySQL.
# A comma-separated port list needs the multiport match; plain --dport/--sport
# take a single port (or a range), and --dports/--sports only exist in multiport.
iptables -A OUTPUT -o $DEVICE -p tcp -m multiport --dports 21,80,443,3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $DEVICE -p tcp -m multiport --sports 21,80,443,3306 -m state --state ESTABLISHED -j ACCEPT

# Allow outgoing ping
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

# Allow incoming ping
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

# Allow loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow outbound DNS connections.
iptables -A OUTPUT -p udp -o $DEVICE --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i $DEVICE --sport 53 -j ACCEPT

# Allow mail traffic (port 25)
#iptables -A INPUT -i $DEVICE -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -o $DEVICE -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT

# Log dropped packets. Only INPUT is sent through this chain; OUTPUT and
# FORWARD packets that match nothing hit the DROP policy without a log line.
# Rate-limited to 500 log entries per minute so a flood cannot fill the disk.
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 500/min -j LOG --log-prefix "Packet Dropped: " --log-level 7
iptables -A LOGGING -j DROP

Reference: http://www.thegeekstuff.com/2011/06/iptables-rules-examples/
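An added example, not part of the original post: the LOGGING chain above writes one kernel log line per dropped inbound packet, and this small sh/awk function turns those lines into a count per source address, protocol and destination port so you can see what the default-deny policy is actually catching. The log lines in sample_log are constructed to match the LOG target's output format (addresses from the documentation ranges); on a real host you would pipe `dmesg` or `journalctl -k` into summarize_drops instead. Note that --log-level 7 is the debug level, which a typical syslog filter such as `*.info` for /var/log/messages does not keep, so the kernel ring buffer or the journal is the place to look.

```shell
#!/bin/sh
# Added example: summarise iptables "Packet Dropped: " log lines.
# Not from the original post; sample_log is constructed test data.

# Constructed kernel log lines in the format the iptables LOG target emits,
# plus one unrelated kernel message that must be ignored.
sample_log() {
    cat <<'EOF'
Aug 17 10:12:01 host kernel: Packet Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 17 10:12:02 host kernel: Packet Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51001 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 17 10:12:03 host kernel: Packet Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51002 DPT=3389 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 17 10:12:04 host kernel: Packet Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=40000 DPT=161 LEN=58
Aug 17 10:12:05 host kernel: usb 1-1: new high-speed USB device number 2 using ehci-pci
Aug 17 10:12:06 host kernel: Packet Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=ICMP TYPE=3 CODE=3
EOF
}

# Read log lines on stdin; print "<count> <src> <proto> <dpt>" per distinct
# source/protocol/destination-port combination, most frequent first.
# ICMP has no DPT field, so it is shown as "-".
summarize_drops() {
    awk '
        /Packet Dropped: / {
            src = proto = dpt = "-"
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "SRC")   src   = kv[2]
                if (kv[1] == "PROTO") proto = kv[2]
                if (kv[1] == "DPT")   dpt   = kv[2]
            }
            count[src " " proto " " dpt]++
        }
        END {
            for (k in count) print count[k], k
        }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample:
sample_log | summarize_drops
```

Because the chain rate-limits to 500 entries per minute, the counts are a lower bound during a burst; anything beyond the limit is still dropped, just not logged.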

Friday, August 16, 2013

librtmp and rtmpdump SRPM

In my current project I require librtmp for building cURL. I was not able to find a readily available source RPM, nor was it in the CentOS repos. I built this on CentOS, but since there are no build dependencies you should be able to rebuild this on any RPM-based distro.

You can find the source RPM here: rtmpdump-2.3-1.el6.src.rpm

If you prefer to build directly from the source, it can be found bundled with rtmpdump, which is available from mplayerhq.