#!/bin/sh
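#######################################
# Flush the filter/nat/mangle tables and install a default-deny inbound
# ruleset: loopback and established/related traffic in, SSH in on eth*,
# everything else inbound rejected or dropped, outbound allowed except
# telnet.
# Globals:   none
# Arguments: none
# Outputs:   prints the resulting filter table to stdout
# Returns:   exit status of the last iptables command
#######################################
firewall_start() {
  # Start from a clean slate: flush every built-in chain in the three
  # tables and delete any leftover user-defined chains (-F alone keeps
  # them, so a stale chain from an earlier run could survive).
  iptables -F
  iptables -X
  iptables -t nat -F
  iptables -t nat -X
  iptables -t mangle -F
  iptables -t mangle -X
  # Setting default policies: default-deny for inbound and forwarded traffic
  iptables -P INPUT DROP
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD DROP
  # Loopback has to be accepted before any catch-all rule; under a DROP
  # policy local services (resolver, databases, X) otherwise stop
  # talking to themselves.
  iptables -A INPUT -i lo -j ACCEPT
  # Basic Firewall: replies to connections this host initiated
  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  # Allow SSH, but only on Ethernet interfaces (eth+ matches eth0, eth1, ...)
  iptables -A INPUT -i eth+ -p tcp -m tcp --dport 22 -j ACCEPT
  # Allow myself to be a non-passive FTP client
  # NOTE(review): an active-mode FTP server opens the data connection
  # *from* its port 20 to an ephemeral local port, so the inbound packet
  # would be matched by --sport ftp-data rather than --dport; the
  # conntrack FTP helper (covered by the RELATED match above) is the
  # usual way to handle this -- confirm before relying on this rule.
  iptables -A INPUT -p tcp --dport ftp-data --jump ACCEPT
  # No Telnet!
  iptables -A OUTPUT -p tcp --dport telnet --jump REJECT
  # Otherwise, reject inbound TCP/UDP with ICMP messages. These must sit
  # above the unconditional DROP: in the original ordering the DROP came
  # first and made the FTP and REJECT rules unreachable.
  iptables -A INPUT -p tcp --jump REJECT
  iptables -A INPUT -p udp --jump REJECT
  # (link 3) throw everything else away (remaining protocols, e.g. ICMP)
  iptables -A INPUT -j DROP
  # Report what happened; -n skips reverse DNS lookups so the listing
  # cannot stall on an unreachable resolver.
  echo 'Firewall rules installed:'
  iptables -L -n
}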
Then run:
/etc/rc.d/rc.firewall >> /etc/rc.local