
Friday, December 20, 2013

IPTABLES example

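#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# Gateway firewall: turns on IPv4 forwarding, NATs outbound traffic, diverts
# plain HTTP to a local proxy on port 3128 and blacklists a handful of
# destinations/ports in the FORWARD chain.
#
# Things a maintainer should know:
#  * The FORWARD chain's policy is never set here, so everything below is a
#    blacklist: anything not listed is forwarded. This is not a lockdown.
#  * The script runs under "sh -e": the first iptables command that fails
#    aborts the script and every rule after it is silently never loaded.
#    Check the console/boot log after editing a rule.
#  * There is no flush, so running the script twice appends every rule a
#    second time. Run it once at boot or flush nat/FORWARD first.
#  * The blocked destinations are hard-coded IP addresses (2013 vintage);
#    they drift over time and need periodic review to stay effective.

#/usr/bin/setterm -powersave off -blank 0
#/usr/local/bin/cmatrix -C green -u 2
#/usr/bin/clear

# Interface names. Set these so NAT and the proxy redirect only apply where
# intended. Left empty (the original behaviour) the rules match on every
# interface: MASQUERADE then rewrites packets leaving on *any* interface,
# and the REDIRECT rules also grab port 80/8080 packets that arrive from
# the WAN side and hand them to the local proxy.
# TODO: fill in the real names, e.g. WAN_IF=eth0 LAN_IF=eth1.
WAN_IF=""
LAN_IF=""

wan_match=""
lan_match=""
if [ -n "$WAN_IF" ]; then
  wan_match="-o $WAN_IF"
fi
if [ -n "$LAN_IF" ]; then
  lan_match="-i $LAN_IF"
fi

# Make this box route between its interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward

# NAT: source-NAT traffic leaving towards the WAN.
# $wan_match / $lan_match are deliberately unquoted so an empty value
# expands to no argument at all (interface names contain no whitespace).
# shellcheck disable=SC2086
iptables -t nat -A POSTROUTING $wan_match -j MASQUERADE

# Transparent proxy: divert plain HTTP (80 and the common 8080 alternate)
# to the proxy listening locally on 3128. Only unencrypted HTTP can be
# diverted this way; HTTPS passes through, which is why the blocks below
# have to target port 443 directly.
# shellcheck disable=SC2086
iptables -t nat -A PREROUTING $lan_match -p tcp --dport 80 -j REDIRECT --to-port 3128
# shellcheck disable=SC2086
iptables -t nat -A PREROUTING $lan_match -p tcp --dport 8080 -j REDIRECT --to-port 3128

##### block https facebook, but certain IP allow
# "! -s" is the current negation syntax. The old "-s ! addr" form is
# deprecated; newer iptables builds warn on it or refuse it outright, and
# under "sh -e" a refused rule would abort the whole script at this point.
iptables -I FORWARD -p tcp -d 31.13.0.0/16 --dport 443 ! -s 192.168.20.11 -j REJECT
iptables -I FORWARD -p tcp -d 173.252.0.0/16 --dport 443 -j REJECT

# Further destinations to reject. All of these are REJECTs inserted at the
# head of FORWARD, so their relative order does not matter.
# HTTPS only:
for dst in 74.115.0.35 74.125.235.3 69.171.228.24; do
  iptables -I FORWARD -p tcp -d "$dst" --dport 443 -j REJECT
done
# Every TCP port:
for dst in 74.115.0.34 69.171.0.0/24 204.15.0.0/24 66.220.0.0/24 \
           46.137.3.43 174.129.97.137 184.72.181.177; do
  iptables -I FORWARD -p tcp -d "$dst" -j REJECT
done

###### block CAMPROG (presumably Camfrog), voice call
# Port-based drops catch anything forwarded to these ports, not just the
# intended application. 5222 and 5228 in particular are also used by other
# services (XMPP chat, Google services) -- verify before relying on them.
iptables -A FORWARD -p tcp --dport 2779 -j DROP
iptables -A FORWARD -p tcp --dport 5100 -j DROP
iptables -A FORWARD -p udp --dport 5222 -j DROP
iptables -A FORWARD -p tcp --dport 5228 -j DROP

exit 0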
