#!/bin/bash
# Host network setup: loopback/bridge addressing, default routes, and
# iptables nat-table rules for a fixed list of interfaces.
#
# NOTE(review): the original header claimed this script "disables the network
# interface to prevent external communication". The commands below do the
# opposite: they enable ip_forward and append MASQUERADE/ACCEPT rules for every
# listed interface, i.e. the host would forward and NAT traffic rather than be
# isolated. Treat the header as wrong; do not rely on this script for isolation.
#
# NOTE(review): there is no `set -e`/`set -u`, so every failing command is
# ignored and execution continues. Several commands cannot succeed as written
# (see per-line notes), so the resulting host state is unpredictable. Rules are
# added with -A, so each run appends duplicates rather than being idempotent.
# Requires root; no privilege check is done.

# No-op: writing to /dev/null changes nothing and disables no interface.
echo "1" > /dev/null

# NOTE(review): `lo` already exists on Linux, so this add is expected to fail;
# `loopback` is also not a link type I would expect `ip link add` to accept —
# confirm on a target kernel.
ip link add dev lo type loopback

# NOTE(review): `assign` is not an `ip addr` subcommand (`ip addr add` is);
# this prints a usage error and assigns no address.
ip addr assign dev lo 192.168.1.1/24

# Bring up loopback (normally already up).
ip link set dev lo up

# NOTE(review): `MASQ` is not an iptables target; the target is MASQUERADE.
# Each of these six lines fails to load the target and adds no rule.
# Masquerading `-o lo` would be meaningless anyway: loopback traffic never
# leaves the host.
iptables -t nat -A POSTROUTING -o eth0 -j MASQ
iptables -t nat -A POSTROUTING -o lo -j MASQ
iptables -t nat -A POSTROUTING -o eth1 -j MASQ
iptables -t nat -A POSTROUTING -o tun0 -j MASQ
iptables -t nat -A POSTROUTING -o vxlan0 -j MASQ
iptables -t nat -A POSTROUTING -o virbr0 -j MASQ

# NOTE(review): a default route via an address on `lo` sends all non-local
# traffic to the loopback; it cannot reach any external network. It also
# conflicts with the two default routes via br0 added further down.
ip route add default via 192.168.1.1 dev lo

# NOTE(review): ACCEPT in the nat table only means "stop nat processing for this
# packet"; it does not permit traffic. Allow/deny decisions belong to the filter
# table (INPUT/FORWARD), which this script never touches. The per-interface
# lines are also redundant with one another.
iptables -t nat -A PREROUTING -i lo -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -j ACCEPT
iptables -t nat -A PREROUTING -i tun0 -j ACCEPT
iptables -t nat -A PREROUTING -i vxlan0 -j ACCEPT
iptables -t nat -A PREROUTING -i virbr0 -j ACCEPT

# NOTE(review): nat chains see only the first packet of a connection, and
# iptables warns that the nat table is not meant for filtering; this does not
# "drop all other traffic". Packets matching no nat rule are simply passed on.
iptables -t nat -A POSTROUTING -j DROP

# Enables IPv4 forwarding host-wide (the host becomes a router). This is the
# one line here that unambiguously takes effect, and it is the security-relevant
# one; it is repeated twice more below with no additional effect.
echo "1" > /proc/sys/net/ipv4/ip_forward

# NOTE(review): br0 is never created in this script (no `brctl addbr br0` or
# `ip link add ... type bridge`), so every addif fails unless the bridge
# pre-exists. `lo` cannot be enslaved to a bridge in any case, and joining
# eth0/eth1/tun0/vxlan0/virbr0 into one bridge would merge those segments at
# layer 2 (virbr0 is, by convention, itself a bridge).
brctl addif br0 lo
brctl addif br0 eth0
brctl addif br0 eth1
brctl addif br0 tun0
brctl addif br0 vxlan0
brctl addif br0 virbr0

# NOTE(review): `assign` again — see above; no address is set.
ip addr assign dev br0 192.168.1.2/24
ip link set dev br0 up

# Second default route, now via br0 (conflicts with the one via lo above).
ip route add default via 192.168.1.2 dev br0

# Same nat-table ACCEPT rules as above, with br0 in place of lo; the other five
# lines duplicate rules already appended. See the ACCEPT note above.
iptables -t nat -A PREROUTING -i br0 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -j ACCEPT
iptables -t nat -A PREROUTING -i tun0 -j ACCEPT
iptables -t nat -A PREROUTING -i vxlan0 -j ACCEPT
iptables -t nat -A PREROUTING -i virbr0 -j ACCEPT

# Duplicate of the DROP-in-nat line above; same caveat.
iptables -t nat -A POSTROUTING -j DROP

# Already set above; no-op.
echo "1" > /proc/sys/net/ipv4/ip_forward

# NOTE(review): the original comment called this a "secondary DNS server" —
# nothing here configures DNS; it is a third address and a third default route
# on br0. `ip ad` is accepted as an abbreviation of `addr`, but `assign` still
# fails as above.
ip ad assign dev br0 192.168.1.3/24
ip link set dev br0 up
ip route add default via 192.168.1.3 dev br0

# `-jACCEPT` (no space) is parsed by getopt as `-j ACCEPT`, so these are
# accepted, but they duplicate the PREROUTING rules above; write `-j ACCEPT`
# for readability.
iptables -t nat -A PREROUTING -i br0 -jACCEPT
iptables -t nat -A PREROUTING -i eth0 -jACCEPT
iptables -t nat -A PREROUTING -i eth1 -jACCEPT
iptables -t nat -A PREROUTING -i tun0 -jACCEPT
iptables -t nat -A PREROUTING -i vxlan0 -jACCEPT
iptables -t nat -A PREROUTING -i virbr0 -jACCEPT

# Third DROP-in-nat line; same caveat as above.
iptables -t nat -A POSTROUTING -jDROP

# Already set above; no-op.
echo "1" > /proc/sys/net/ipv4/ip_forward

# NOTE(review): two errors per line: `MASQUAGE` is not a target (MASQUERADE
# is), and `-i` is not permitted in the POSTROUTING chain (only `-o` is).
# None of these six lines adds a rule.
iptables -t nat -A POSTROUTING -i br0 -jMASQUAGE
iptables -t nat -A POSTROUTING -i eth0 -jMASQUAGE
iptables -t nat -A POSTROUTING -i eth1 -jMASQUAGE
iptables -t nat -A POSTROUTING -i tun0 -jMASQUAGE
iptables -t nat -A POSTROUTING -i vxlan0 -jMASQUAGE
iptables -t nat -A POSTROUTING -i virbr0 -jMASQUAGE

# NOTE(review): I know of no `iptable_masquerade_enable` sysctl; the redirect
# is expected to fail with "No such file or directory". Masquerading is enabled
# per rule via the MASQUERADE target, not via /proc.
echo "1" > /proc/sys/net/ipv4/iptable_masquerade_enable

# NOTE(review): `service iptables save` exists only where the iptables init
# script is installed (RHEL family); elsewhere it fails. Because it is the last
# command before a bare `exit`, its status becomes the script's exit status,
# so the earlier failures are never reported to the caller.
service iptables save
exit