Iptables

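#!/bin/bash
# Minimal default-deny inbound firewall for the IPv4 filter table.
# Allows loopback, replies to existing connections, SSH (22) and HTTP (80);
# everything else inbound and all forwarded traffic is dropped.
#
# Caveats:
#   - iptables only programs IPv4. IPv6 traffic is governed by ip6tables,
#     which this script does not touch.
#   - Rules live in the kernel only; they are gone after a reboot unless
#     saved and restored by iptables-save or the distribution's mechanism.
#   - Must run as root.

# Stop at the first failing command so a broken rule is noticed instead of
# being followed by the DROP policy (which could cut off a remote session).
# Note the flip side: on failure INPUT is left at ACCEPT, so check the exit
# status and re-run after fixing the problem.
set -eu

# Open the policy before flushing, otherwise a previous DROP policy plus an
# empty chain would lock out the SSH session running this script.
iptables -P INPUT ACCEPT
iptables -F

# Local services talk to each other over loopback.
iptables -A INPUT -i lo -j ACCEPT

# Return traffic for connections this host opened or already accepted.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Exposed services. Both are reachable from any source address; add
# "-s <trusted-network>" to the SSH rule if administration only ever comes
# from a known range.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Drop an IP address
# (rules are matched in order: a DROP appended here comes after the ACCEPT
# rules above and will not block that address from ports 22/80 -- place it
# before them, or use "iptables -I INPUT 1 ...", if it must win)
# iptables -A INPUT -s 10.1.2.3 -j DROP
#
# Accept packets from trusted IP addresses using standard slash notation
# iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
#
# Accept packets from trusted IP/MAC addresses
# (source IP and MAC can both be forged by a host on the same segment, so
# this is a convenience filter, not authentication)
# iptables -A INPUT -s 192.168.0.4 -m mac --mac-source 00:50:8D:FD:E6:32 -j ACCEPT

# Default policies: deny inbound and forwarded traffic, allow outbound.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Show the resulting rule set with packet/byte counters for review.
iptables -L -v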

OpenSSL CAs

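#!/bin/bash
# Interactive walkthrough that builds a small CA in the current directory:
# root key + self-signed root cert, then a host cert and a user cert signed
# by that root, and finally a PKCS#12 bundle for the user.
# Each step pauses with "ok?" so the operator can inspect the output.
#
# NOTE(review): "openssl ca" takes its database layout (index.txt, serial,
# newcerts, ...) from the active openssl.cnf. The files created below only
# line up if that config's CA directory is the current directory --
# presumably a customised config is in use; verify before running.

# A failed step must not be followed by signing with stale or missing files.
set -euo pipefail

# Private keys (root-ca.key, host.key, user.key, user.p12) are written by
# this script; make sure nothing it creates is readable by other users.
umask 077

# Print the "ok?" prompt and wait for Enter. EOF on stdin (non-interactive
# run) is treated as "continue", as in the original unconditional read.
pause() {
  echo "ok?"
  read -r _ || true
}

# Regenerating the root key would silently orphan every certificate already
# issued from it, so refuse to overwrite an existing one.
if [[ -e root-ca.key ]]; then
  echo "root-ca.key already exists; move it away before creating a new CA" >&2
  exit 1
fi

echo "Generating Root Key"
# The root key is passphrase-protected; AES-256 replaces the legacy 3DES
# wrapping. openssl prompts for the passphrase.
openssl genrsa -aes256 -out root-ca.key 2048
pause

echo "Signing Root Cert"
# Self-signed root certificate, valid for 1825 days (about five years).
openssl req -new -x509 -days 1825 -key root-ca.key -out root-ca.crt
pause

# CA bookkeeping used by "openssl ca": issued-cert database, output
# directories and the next serial number.
touch index.txt
mkdir -p certs newcerts crl
# Seed the serial file only when it is missing or empty; resetting it on a
# re-run would hand out serial numbers that were already used.
if [[ ! -s serial ]]; then
  echo "01" > serial
fi

echo "Generating Host Key and CSR"
# -nodes leaves host.key unencrypted so a service can start unattended;
# the file permissions (see umask above) are its only protection.
openssl req -newkey rsa:2048 -keyout host.key -nodes -out host.req
pause

echo "Signing Host Cert"
openssl ca -keyfile root-ca.key -cert root-ca.crt -out host.crt -infiles host.req
pause

echo "Generating User Key and CSR"
# No -nodes here: openssl prompts for a passphrase to encrypt user.key.
openssl req -newkey rsa:2048 -keyout user.key -out user.req
pause

echo "Signing User Cert"
openssl ca -keyfile root-ca.key -cert root-ca.crt -out user.crt -infiles user.req
pause

echo "Bundling Cert and Key and Root cert"
# user.p12 carries the user's private key; the export password requested
# by openssl is what protects it in transit.
openssl pkcs12 -export -out user.p12 -inkey user.key -in user.crt -certfile root-ca.crt
pause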