|
@@ -0,0 +1,17 @@
|
|
|
+#!/bin/bash
|
|
|
+
|
|
|
+# redirects ports below 1024 to a higher range using iptables, so they can be used without elevated rights
|
|
|
+# MySQL SIP (3306 and 5060) are left out because they are >= 1024 anyways
|
|
|
+
|
|
|
+# ECHO FTP HTTP HTTPS SMB (NETBIOS UDP & TCP) SSH TELNET
|
|
|
+protocol=( "tcp" "tcp" "tcp" "tcp" "udp" "udp" "tcp" "tcp" "tcp" "tcp" )
|
|
|
+origin=( 7 21 80 443 137 138 137 139 22 23 )
|
|
|
+destination=( 28144 28169 28217 28580 28274 28275 28274 28276 28159 28160 ) # simply offset by 1024 + 27113
|
|
|
+length=${#protocol[@]} # count protocol elements
|
|
|
+
|
|
|
+for (( i=0; i<$length; i++ ))
|
|
|
+do
|
|
|
+ # echo ${protocol[$i]} ${origin[$i]} ${destination[$i]} # debug
|
|
|
+ iptables -t nat -A PREROUTING -p ${protocol[$i]} --dport ${origin[$i]} -j REDIRECT --to-ports ${destination[$i]}
|
|
|
+ iptables -t nat -A OUTPUT -p ${protocol[$i]} --dport ${destination[$i]} -j REDIRECT --to-ports ${origin[$i]}
|
|
|
+done
|