
Zimbra Server Firewall

Posted: August 2, 2015 in Uncategorized

Zimbra Firewall using Iptables

Use at your own risk.

#——————————————————— # Cut Here#——————————————————— #

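#!/bin/sh
# firewall
# msyamsuri.cm@gmail.com
# description: Starts, stops iptables firewall
#
# Usage: firewall {start|stop|restart}
#
# Only the IPv4 filter table is configured (iptables). IPv6 traffic is not
# touched by this script; it keeps whatever ip6tables policy the host has,
# so filter it separately if the host has an IPv6 address.

set -eu

# Print one status line for a rule group that has just been applied.
# Arguments: $1 - label
ok() {
  printf -- '- %s : [OK]\n' "$1"
}

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Accept TCP traffic to a destination port on a chain.
# Arguments: $1 - chain (INPUT or OUTPUT), $2 - port
allow_tcp() {
  iptables -t filter -A "$1" -p tcp --dport "$2" -j ACCEPT
}

# Accept UDP traffic to a destination port on a chain.
# Arguments: $1 - chain (INPUT or OUTPUT), $2 - port
allow_udp() {
  iptables -t filter -A "$1" -p udp --dport "$2" -j ACCEPT
}

# Accept TCP traffic to a destination port in both directions.
# Arguments: $1 - port
allow_tcp_both() {
  allow_tcp INPUT "$1"
  allow_tcp OUTPUT "$1"
}

# Load the rule set. Rules are appended in order, so the SSH and
# ESTABLISHED rules go in before the policies switch to DROP: a remote
# session applying this script is never cut off mid-way.
fw_start() {
  # Clear rules: flush every chain, then delete the now-empty user chains.
  iptables -t filter -F
  iptables -t filter -X
  ok "Clear rules"

  # SSH In
  allow_tcp INPUT 22
  ok "SSH"

  # Don't break established connections
  iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -t filter -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  ok "established connections"

  # Block all connections by default
  iptables -t filter -P INPUT DROP
  iptables -t filter -P FORWARD DROP
  iptables -t filter -P OUTPUT DROP
  ok "Block all connections"

  # Loopback: accepted before the SYN limiter so local traffic is never
  # rate-limited.
  iptables -t filter -A INPUT -i lo -j ACCEPT
  iptables -t filter -A OUTPUT -o lo -j ACCEPT
  ok "Loopback"

  # SYN-Flood Protection: new TCP connections above the limit are logged
  # and dropped. The chain only takes effect because INPUT jumps to it for
  # SYN packets; without that jump the chain is defined but unused.
  iptables -t filter -N syn-flood
  iptables -t filter -A syn-flood -m limit --limit 10/second --limit-burst 50 -j RETURN
  iptables -t filter -A syn-flood -j LOG --log-prefix "SYN FLOOD: "
  iptables -t filter -A syn-flood -j DROP
  iptables -t filter -A INPUT -p tcp --syn -j syn-flood
  ok "SYN-Flood Protection"

  # ICMP (Ping)
  iptables -t filter -A INPUT -p icmp -j ACCEPT
  iptables -t filter -A OUTPUT -p icmp -j ACCEPT
  ok "PING"

  # DNS In/Out. The two INPUT rules expose port 53 to the network and are
  # only needed if this host also serves DNS; a mail host that merely
  # resolves names needs just the OUTPUT rules.
  allow_tcp OUTPUT 53
  allow_udp OUTPUT 53
  allow_tcp INPUT 53
  allow_udp INPUT 53
  ok "DNS"

  # NTP Out
  allow_udp OUTPUT 123
  ok "NTP"

  # HTTP + HTTPS In/Out (443 also carries the Zimbra web client)
  allow_tcp_both 80
  allow_tcp_both 443
  ok "HTTP/HTTPS"

  # Mail SMTP:25
  allow_tcp_both 25
  ok "SMTP"

  # Mail POP3:110
  allow_tcp_both 110
  ok "POP3"

  # Mail IMAP:143
  allow_tcp_both 143
  ok "IMAP"

  # Mail IMAPS:993
  allow_tcp_both 993
  ok "IMAPS"

  # Mail POP3S:995
  allow_tcp_both 995
  ok "POP3S"

  # Mail ZIMBRA ADMIN:7071 (admin console; restrict by source if possible)
  allow_tcp_both 7071
  ok "Zimbra admin"

  ok "Firewall"
}

# Remove the rule set and return the filter table to accept-everything.
# FORWARD is reset too, since start sets it to DROP, and the syn-flood
# chain is deleted so a later start can recreate it.
fw_stop() {
  printf '%s\n' "Stopping Firewall... "
  iptables -t filter -P INPUT ACCEPT
  iptables -t filter -P FORWARD ACCEPT
  iptables -t filter -P OUTPUT ACCEPT
  iptables -t filter -F
  iptables -t filter -X
  printf '%s\n' "Firewall Stopped!"
}

# iptables needs root; fail early with a clear message rather than on the
# first rule.
[ "$(id -u)" -eq 0 ] || die "firewall: must be run as root"

case "${1:-}" in
  start)
    fw_start
    ;;
  stop)
    fw_stop
    ;;
  restart)
    fw_stop
    fw_start
    ;;
  *)
    printf 'Usage: %s {start|stop|restart}\n' "$0" >&2
    exit 1
    ;;
esac
exit 0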

#——————————————————— # Cut Here#——————————————————— #
