I've been using firestarter to manage my firewall for a while and decided that i should manualy write my own rules so i know whats going on rather than trusting it to a GUI app
This computer needs to host my webserv, ssh, act as a gateway to computer on my network and download stuff with mldonkey. eth0 is connected to my adsl modem and eth1 (although its not listed) is plugged into my hub.
Anyway i though id post them here to find out if im doing anything wrong so tell me if there are any problems or improvments, i havn't actually tested it yet incase there are any major problems (i almost forgot to allow connections out
).
Code:
#!/bin/sh
iptables --flush # Trash any current rules
iptables --table nat --flush # "
iptables --delete-chain # "
iptables --table nat --delete-chain # "
iptables --policy INPUT DROP # Close all ports
iptables --append OUTPUT # Allow all outgoing connections
iptables --append FORWARD -j ACCEPT --source 192.168.1.0/24 # Setup computer as a gateway
iptables --append FORWARD -j ACCEPT --destination 192.168.1.0/24 # "
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE # Enable Masquerade
iptables --append INPUT --jump ACCEPT --source 192.168.1.0/24 # All traffic from inside accepted
#Allow the following ports
iptables --append INPUT --jump ACCEPT --source 0/0 -p tcp --dport 80 # Webserver
iptables --append INPUT --jump ACCEPT --source 0/0 -p tcp --dport 22 # SSH
iptables --append INPUT --jump ACCEPT --source 0/0 -p tcp --dport 1214 # mldonkey (fasttrack)
iptables --append INPUT --jump ACCEPT --source 0/0 -p tcp --dport 2859 --syn # mldonkey (overnet transfer)
iptables --append INPUT --jump ACCEPT --source 0/0 -p udp --dport 2859 # mldonkey (overnet searches)
iptables --append INPUT --jump ACCEPT --source 0/0 -p tcp --dport 4662 --syn # mldonkey (edonkey transfer)
iptables --append INPUT --jump ACCEPT --source 0/0 -p udp --dport 4666 # mldonkey (edonkey seaches)
echo 1 > /proc/sys/net/ipv4/ip_forward
